我在使用JSF创建一些用户授权/检查之前,在安全/目录下输入特定页面但没有成功......我尝试使用phaselistener和过滤器但是stil ...很好,任何帮助都非常受欢迎。
我正在使用Eclipse Juno。
我的web.xml如下:
<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>login.security.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
AuthorizationFilter看起来像这样:
public class AuthorizationFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest) request;
login.Login_bean login_bean = (login.Login_bean)
req.getSession().getAttribute("username");
if (login_bean != null && login_bean.isLoggedIn()) {
chain.doFilter(request, response);
} else {
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath() + "/index.xhtml");
}
}
使用overriden destroy()和init。它是来自几个网站的复制/过去。
Login_bean是托管和会话范围的,当用户/传递对正确时,我运行了这个:
if(password.equals(dbpassword)){
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("username", username);
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("email", email);
this.visibleLogout="true";
this.visibleLogin="false";
return "valid";
}
目录结构如下:
WebContent
-> secure
-> projects.xhtml
-> index.xhtml
index.xhtml我想禁止访问:
<p:menuitem id="projects" value="#{menuBean.projectsValue}" action="#{menuBean.navTo(projects)}" icon="ui-icon-circle-triangle-e" />.
最后 menuBean.navTo()是:
public String navTo(String whereTo)
{
return "/secure/projects";
}
我已经以某种方式撞墙了。即使将url-pattern更改为/ faces / secure / *我仍然会转发到projects.xhtml
full faces-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<faces-config xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd"
version="2.1">
<managed-bean>
<managed-bean-name>languageBean</managed-bean-name>
<managed-bean-class>languageControl.LanguageBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
<managed-bean>
<managed-bean-name>menuBean</managed-bean-name>
<managed-bean-class>menuControl.MenuBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
<navigation-rule>
<description>login_rule</description>
<from-view-id>/index.xhtml</from-view-id>
<navigation-case>
<from-action>#{login_bean.checkValidUser}</from-action>
<from-outcome>valid</from-outcome>
<to-view-id>/nav.xhtml</to-view-id>
</navigation-case>
<navigation-case>
<from-action>#{login_bean.checkValidUser}</from-action>
<from-outcome>invalid</from-outcome>
<to-view-id>/index.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<application>
<locale-config>
<default-locale>en</default-locale>
<supported-locale>gr</supported-locale>
</locale-config>
<resource-bundle>
<base-name>languageControl.messages</base-name>
<var>msg</var>
</resource-bundle>
</application>
<validator>
<validator-id>passwordValidator</validator-id>
<validator-class>registration.passwordValidator</validator-class>
</validator>
<managed-bean>
<managed-bean-name>Login_bean</managed-bean-name>
<managed-bean-class>login.Login_bean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
<managed-bean>
<managed-bean-name>sendMail</managed-bean-name>
<managed-bean-class>common.sendMail</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<!-- <managed-property> <property-name>email</property-name> <value>#{sendMail.email}</value>
</managed-property> -->
</managed-bean>
<validator>
<validator-id>EmailValidator</validator-id>
<validator-class>registration.EmailValidator</validator-class>
</validator>
<managed-bean>
<managed-bean-name>RegistrationBean</managed-bean-name>
<managed-bean-class>registration.RegistrationBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
</faces-config>
完整的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>personalSite</display-name>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>login.security.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
</web-app>
答案 0 :(得分:0)
你在调试器中运行它吗?我在“doFilter()”的顶部放置一个断点,看看过滤器是否正在执行。一旦你弄清楚它是否真的在执行,请逐步执行代码(假设它正在过滤)并查看逻辑未按预期执行的原因。如果没有解雇,你可以打赌它可能是配置中的一些虚假内容。