identity.logout()之后的ViewExpiredException;在JBoss Seam

时间:2012-12-21 11:38:59

标签: java jsf seam

AuthenticationFilter重定向到登录页面后,我想退出给用户。

这就是为什么,我将identity.logout();放在checkPermission(...)的预渲染方法login.xhtml中。

但是,当用户再次登录时,我会收到ViewExpiredException

我的问题是

1:如果我没有identity.logout();,则由于旧用户会话仍然存在,用户将再次重新登录。    2:如果我identity.logout();,我会在用户再次登录时获得ViewExpiredException

AuthenticationFilter.java 

public class AuthenticationFilter implements Filter  {
    .....

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpRequest.getSession();
        User user = (User) session.getAttribute(Constants.LOGIN_USER);
        if (user == null) {
            session.setAttribute(Constants.MESSAGE_ID, MessageId.REQUIRED_TO_LOGIN);
            String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE;
            httpResponse.sendRedirect(loginView);
        } else if (!user.getRole().equals(Role.SYSTEM_ADMINISTRATOR)) {
            System.out.println("User Role : " + user.getRole());
            session.setAttribute(Constants.MESSAGE_ID, MessageId.REQUIRED_TO_ADMIN_ROLE);
            String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE;
            httpResponse.sendRedirect(loginView);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
        servletContext.log("Exiting the filter");
    }

    public void destroy() {
    }
}

login.xhtml 

....
<f:event listener="#{LoginBean.checkPermission}" type="preRenderView" />
....

LoginBean.java 

@Scope(ScopeType.EVENT)
@Name("LoginBean")
public class LoginBean extends BaseBean {
    ....

    public boolean authenticate() {
        ....
    }

    public void checkPermission(ComponentSystemEvent event) {
        FacesContext context = getFacesContext();
        ExternalContext  extContext = context.getExternalContext();
        String messageId = (String) extContext.getSessionMap().remove(Constants.MESSAGE_ID);
        if(messageId != null) {
            identity.logout();
            addMessage(null, FacesMessage.SEVERITY_ERROR, messageId);   
        }
    }
}

1 个答案:

答案 0 :(得分:5)

请勿在{{1​​}}方法中使用identity.logout();。在prerenderview中,如果您希望破坏当前会话并创建新会话,请在传递messageID之前执行以下操作。

AuthenticationFilter
相关问题
最新问题