我正在尝试设置webfilter并需要一些帮助。我的过滤器在初始登录时运行正常,但是当会话超时,并且我点击任何链接时,它会触发我的重定向语句,但浏览器中的网页永远不会被重定向。有人可以帮忙解决这个问题吗?非常感谢。
过滤
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package src;
import java.io.IOException;
import javax.faces.application.NavigationHandler;
import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author Bernard
*/
@WebFilter(filterName = "LoginFilter", urlPatterns = {"/*"})
public class LoginFilter implements Filter {
//FilterConfig fc;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//fc = filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
Boolean authenticated = (Boolean) session.getAttribute("authenticated");
if (authenticated == null) {
authenticated = false;
}
if (!authenticated && !pageRequested.contains("login")) {
res.setStatus(301);
res.sendRedirect(req.getContextPath() + "/login/login.xhtml");
} else {
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
//fc = null;
}
}
faces-config.xml中
<?xml version='1.0' encoding='UTF-8'?>
<!-- =========== FULL CONFIGURATION FILE ================================== -->
<faces-config version="2.1"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">
<navigation-rule>
<from-view-id>/*</from-view-id>
<navigation-case>
<from-outcome>success</from-outcome>
<to-view-id>/index.xhtml</to-view-id>
<redirect/>
</navigation-case>
<navigation-case>
<from-outcome>failure</from-outcome>
<to-view-id>/login/login.xhtml</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
</faces-config>
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>FacesServlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>FacesServlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.xhtml</welcome-file>
</welcome-file-list>
<filter>
<filter-name>restrict</filter-name>
<filter-class>src.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>restrict</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
验证Bean
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package src;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
*
* @author Bernard
*/
@ManagedBean
@SessionScoped
public class Authenticator {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String authenticateUser(ServletRequest request) {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession(true);
session.setMaxInactiveInterval(30);
Boolean authenticated = (Boolean) session.getAttribute("authenticated");
Database pgDatabase = new Database();
Admin foundAdmin = null;
try {
foundAdmin = (Admin) pgDatabase.findAdminByUsername(username);
} catch (ClassNotFoundException ex) {
Logger.getLogger(Authenticator.class.getName()).log(Level.SEVERE, null, ex);
}
Admin currentAdmin = new Admin();
currentAdmin.userName = username;
currentAdmin.password = this.hashPassword((password));
if (authenticated != null && authenticated != true) {
if (foundAdmin != null) {
if (currentAdmin.equals(foundAdmin)) {
authenticated = true;
session.setAttribute("authenticated", true);
return "success";
} else {
authenticated = false;
session.setAttribute("authenticated", false);
return "failure";
}
} else {
authenticated = false;
session.setAttribute("authenticated", false);
return "failure";
}
} else {
session.setAttribute("authenticated", true);
authenticated = true;
return "success";
}
}
public String logOut() {
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext extCtx = ctx.getExternalContext();
Map<String, Object> sessionMap = extCtx.getSessionMap();
sessionMap.put("authenticated", false);
return "failure";
}
public String hashPassword(String passwordToHash) {
String hashword = null;
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
md5.update(password.getBytes());
BigInteger hash = new BigInteger(1, md5.digest());
hashword = hash.toString(16);
} catch (NoSuchAlgorithmException nsae) {
}
return hashword;
}
}
答案 0 :(得分:10)
你的过滤器看起来很好(除了非常弱的url.contains("login")
测试,并且2种方式错误地尝试将响应状态设置为301并且检查登录用户的方式有点差。)
我认为您的具体问题是由于您通过ajax链接而不是普通链接执行导航。您不能以这种方式发送ajax响应的重定向。 JSF ajax引擎和webbrowser都没有遵循关于JSF ajax响应的302重定向。客户端最终会得到一个完全被忽略的ajax响应。
相反,您应该发送一个特殊的XML响应,指示JSF ajax引擎发送重定向。正是在JSF上下文中发送的XML响应正是在ajax请求期间使用了ExternalContext#redirect()
。
<?xml version="1.0" encoding="UTF-8"?>
<partial-response>
<redirect url="/contextpath/login/login.xhtml"></redirect>
</partial-response>
在servlet过滤器中,首先应检查请求是否涉及JSF ajax请求,如果是,则返回上述XML响应,否则只需按常规方式调用HttpServletResponse#sendRedirect()
。您可以通过检查Faces-Request
请求标头是否存在并且等于partial/ajax
来执行此操作。
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
// It's a JSF ajax request.
}
所以,总而言之,你的doFilter()
应该看起来像这样:
String loginURL = req.getContextPath() + "/login/login.xhtml";
if (!authenticated && !req.getRequestURI().equals(loginURL)) {
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
res.setContentType("text/xml");
res.getWriter()
.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>")
.printf("<partial-response><redirect url=\"%s\"></redirect></partial-response>", loginURL);
} else {
res.sendRedirect(loginURL);
}
} else {
chain.doFilter(request, response);
}