JSF 2.0:如何重定向到受保护的页面使用后HttpServletRequest.login [英] JSF 2.0 : How to redirect to the protected page after using HttpServletRequest.login
问题描述
我试图使用HttpServletRequest.login基于表单的身份验证。
一切正常(容器告知用户,如果登录/密码都不错),但用户输入自己的登录后,我不知道如何将用户重定向到受保护的页面,他问(登录表单重新显示)。那怎么办?
在此先感谢您的帮助。
在code:
web.xml中:
<登录名,配置>
< AUTH-方法>表并LT; / AUTH-方法>
<境界-名称>安全和LT; /领域-名称>
<形式登录,配置>
&LT;形式登录页&GT; /faces/loginwithlogin.xhtml< /表单登录页&GT;
&LT;形式的错误页面&GT; /faces/noaut.xhtml< /表单错误页&GT;
&LT; /表单登录,配置&GT;
&LT; /登录,配置&GT;
页loginwithlogin.xhtml
&LT; HTML的xmlns =http://www.w3.org/1999/xhtml
的xmlns:H =http://java.sun.com/jsf/html
的xmlns:F =http://java.sun.com/jsf/core&GT;
&LT; H:头&GT;
&LT;标题&GT;身份验证和LT; /标题&GT;
&LT; /小时:头&GT;
&LT; H:身体GT;
&LT; H:形式&GT;
登录 :
&LT; H:inputText的值=#{} login.login所需=真/&GT;
&所述; P /&GT;
电机德过时:
&LT; H:inputSecret值=#{} login.password所需=真/&GT;
&所述; P /&GT;
&LT; H:的commandButton值=联接行动=#{} login.submit&GT;
&LT; F:AJAX执行=@表渲染=@表/&GT;
&LT; / H:&的commandButton GT;
&LT; H:信息/&GT;
&LT; /小时:形式&GT;
&LT; /小时:身体GT;
&LT; / HTML&GT;
更新:没有Ajax它不工作
。支持bean:
@Named
@SessionScoped
公共类登录实现Serializable {
私人字符串登录;
私人字符串密码;
// getter和setter
... 公共无效提交(){
FacesContext的上下文= FacesContext.getCurrentInstance();
HttpServletRequest的请求=
(HttpServletRequest的)context.getExternalContext()调用getRequest()。
尝试{
request.login(登录,MDP);
context.addMessage(NULL,
新的FacesMessage(FacesMessage.SEVERITY_INFO,
OK,空));
}赶上(ServletException异常五){
context.addMessage(NULL,
新的FacesMessage(FacesMessage.SEVERITY_ERROR,
坏登录,NULL));
}
}}
在容器管理的基于表单的身份验证的情况下,登录页面是由<一个开在幕后href=\"http://docs.oracle.com/javaee/6/api/javax/servlet/RequestDispatcher.html#forward%28javax.servlet.ServletRequest,%20javax.servlet.ServletResponse%29\"相对=nofollow> RequestDispatcher的向前#() 和原始请求URI因此可作为与所确定的 的RequestDispatcher#FORWARD_REQUEST_URI 。请求属性(基本上,请求范围)是JSF提供由<一个href=\"http://docs.oracle.com/javaee/6/api/javax/faces/context/ExternalContext.html#getRequestMap%28%29\"相对=nofollow> 的ExternalContext#getRequestMap() 。
因此,这个应该做的:
私人字符串requestedURI;@PostConstruct
公共无效的init(){
requestedURI = FacesContext.getCurrentInstance()。getExternalContext()
。.getRequestMap()获得(RequestDispatcher.FORWARD_REQUEST_URI); 如果(requestedURI == NULL){
requestedURI =一些/默认/ home.xhtml;
}
}公共无效提交()抛出IOException
// ... 尝试{
request.login(用户名,密码);
externalContext.redirect(requestedURI);
}赶上(ServletException异常五){
context.addMessage(NULL,
新的FacesMessage(FacesMessage.SEVERITY_ERROR,
坏登录,NULL));
}
}
您只需要做出豆 @ViewScoped (JSF)或 @ConversationScoped (CDI),而不是 @SessionScoped (而绝对不是 @RequestScoped ;否则,不同的方法需要与&LT使用; F:参数&GT; 和&LT; F:。viewParam&GT; )
I'm trying to use HttpServletRequest.login with form based authentication.
All is ok (the container tells if login/password are good), except that after the user has entered his login, I don't know how to redirect the user to the protected page he asked for (the login form is redisplayed). How to do that?
Thanks in advance for your help.
The code:
web.xml:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>security</realm-name>
<form-login-config>
<form-login-page>/faces/loginwithlogin.xhtml</form-login-page>
<form-error-page>/faces/noaut.xhtml</form-error-page>
</form-login-config>
</login-config>
Page loginwithlogin.xhtml
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core">
<h:head>
<title>Authentication</title>
</h:head>
<h:body>
<h:form>
Login :
<h:inputText value="#{login.login}" required="true" />
<p/>
Mot de passe :
<h:inputSecret value="#{login.password}" required="true" />
<p/>
<h:commandButton value="Connexion" action="#{login.submit}">
<f:ajax execute="@form" render="@form" />
</h:commandButton>
<h:messages />
</h:form>
</h:body>
</html>
Update: without Ajax it does not work.
Backing bean:
@Named
@SessionScoped
public class Login implements Serializable {
private String login;
private String password;
// getters and setters
...
public void submit() {
FacesContext context = FacesContext.getCurrentInstance();
HttpServletRequest request =
(HttpServletRequest) context.getExternalContext().getRequest();
try {
request.login(login, mdp);
context.addMessage(null,
new FacesMessage(FacesMessage.SEVERITY_INFO,
"OK", null));
} catch (ServletException e) {
context.addMessage(null,
new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Bad login", null));
}
}
}
In case of container managed form based authentication, the login page is under the covers opened by a RequestDispatcher#forward() and the original request URI is therefore available as a request attribute with the name as identified by RequestDispatcher#FORWARD_REQUEST_URI. Request attributes (basically, the request scope) is in JSF available by ExternalContext#getRequestMap().
Thus, this should do:
private String requestedURI;
@PostConstruct
public void init() {
requestedURI = FacesContext.getCurrentInstance().getExternalContext()
.getRequestMap().get(RequestDispatcher.FORWARD_REQUEST_URI);
if (requestedURI == null) {
requestedURI = "some/default/home.xhtml";
}
}
public void submit() throws IOException {
// ...
try {
request.login(username, password);
externalContext.redirect(requestedURI);
} catch (ServletException e) {
context.addMessage(null,
new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Bad login", null));
}
}
You only need to make the bean @ViewScoped (JSF) or @ConversationScoped (CDI) instead of @SessionScoped (and absolutely not @RequestScoped; otherwise a different approach needs to be used with <f:param> and <f:viewParam>).
这篇关于JSF 2.0:如何重定向到受保护的页面使用后HttpServletRequest.login的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
