jsf security-constraint to protect link when the user is not signed in?

Question

I have a JSF2 (GlassFish 3.0) application which has security constraints defined (example below). My problem is, I have a "sign up" link that should not be accessible when the user is logged in.

That is, if they try to hit "/signup.jsf" they should be able to access it if they are logged in; so if they have any roles, they should not be able to see the page.

Is there a way to do an "inverse" security constraint like that?

Any suggestions are welcome, thanks! Rob

Example constraint from my app, in case that's useful:

<security-constraint>
    <display-name>profileForm</display-name>
    <web-resource-collection>
        <web-resource-name>profileForm</web-resource-name>
        <url-pattern>/profileForm.jsf</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>GENERAL</role-name>
        <role-name>ADMIN</role-name>
        <role-name>STAFF</role-name>
        <role-name>INSTRUCTOR</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>


Recommended answer

Just create a Filter which does exactly that.

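import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns={"/signup.jsf"})
public class SignupFilter implements Filter {

    @Override
    public void init(FilterConfig config) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // Assumption: container-managed login (as with the security constraints in the
        // question), where getRemoteUser() returns null for an anonymous request.
        boolean userIsLoggedIn = ((HttpServletRequest) request).getRemoteUser() != null;

        if (userIsLoggedIn) {
            // Authenticated users are redirected away from the signup page.
            ((HttpServletResponse) response).sendRedirect("already_loggedin.jsf");
        } else {
            // Anonymous users continue to the signup page.
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {}
}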

There is really nothing which standard JSF offers out of the box with regard to authorization/authentication. JSF is just a component-based MVC framework.


  • Our Servlet Filters wiki page: https://stackoverflow.com/tags/servlet-filters/info
