注销后的 JSF 寿命 [英] JSF life after logout

问题描述

我正在使用基于表单的身份验证.

I'm using form based authentication.

我有一个注销链接，如下所示:

I have a logout link which looks like:

<h:commandLink action="#{loginBean.logout}">
    <h:outputText value="logout" />
</h:commandLink></div>

以及相应的注销方法:

public String logout() {
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

    return "/view/index?faces-redirect=true"; // Redirect added as per BalusC's suggestion.
}

点击注销链接后，我返回到首页，但似乎没有 CSS.当我点击按钮运行搜索时，我收到以下错误:

After hitting the logout link I'm returned to the front page, but seemingly without CSS. When I hit a button to run a search I get the following error:

javax.faces.application.ViewExpiredException: viewId:/view/index.jsf - View /view/index.jsf could not be restored.

然而 CSS 实际上在/resources 下，根据我的理解，它不需要身份验证:

And yet the CSS is actually under /resources which shouldn't require authentication as I understand my web.xml:

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>fizio</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Unprotected area</web-resource-name>
        <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
</security-constraint>

在这种状态下，我似乎能够再次登录并查看一些在偶尔出现的视图无法恢复错误之间的数据，但没有 CSS.这真的有点坏了.任何建议将不胜感激.

From this state I seem to be able to login again and see some data between occasional view-could-not-be-restored errors, but no CSS. It's all a bit broken really. Any suggestions would be appreciated.

预计到达时间:登录表单:

ETA: Login form:

<form method="POST" action="j_security_check">
    <label for="j_password">Username:</label> <input type="text" name="j_username" />
    <br />
    <label for="j_password">Password:</label> <input type="password" name="j_password" /> <input type="submit" value="Login" />
</form>

推荐答案

invalidate 后需要重定向.否则页面会在无效"会话中显示.将 faces-redirect=true 添加到结果中以触发重定向.

You need to redirect after invalidate. Otherwise the page is been shown in midst of the "invalidated" session. Add faces-redirect=true to the outcome to trigger the redirect.

public String logout() {
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    return "/index?faces-redirect=true";
}

重定向将导致浏览器在 POST 响应后触发一个新的 GET 请求，进而导致服务器创建一个全新的会话.这样，视图将按预期工作.

The redirect will cause the webbrowser to fire a new GET request after the POST response and in turn cause the server to create a brand new session. This way the views will work as intended.

至于 CSS 资源，它们显然仍然需要登录.您在那里拥有的未受保护的区域"约束将不起作用.删除它并将主要安全约束的 URL 模式更改为例如 /app/* 或任何安全区域的公共路径.

As to the CSS resources, they apparently still need a login. The "Unprotected area" constraint which you have there is not going to work. Remove it and change the URL-pattern of your main security constraint to for example /app/* or whatever a common path of the secured area is.

这篇关于注销后的 JSF 寿命的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！