Spring Security + LDAP: session is cleared immediately after login

Time: 2013-08-29 14:09:04

Tags: jsf login primefaces spring-security ldap

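I have a login page that uses Spring Security + LDAP. The authentication itself works fine. The problem appeared after I changed the form from regular HTML to Primefaces / JSF tags. After the user is authenticated, the page does not redirect to the index page, but it does redirect after the second attempt. For some reason, the session is being cleared. I have read many posts and tutorials about logging in with JSF, as well as similar questions, but so far none of them have worked.

Here are some of my configurations: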

login.xhtml BEFORE Primefaces / JSF

<form action='#{request.contextPath}/j_spring_security_check' method='POST' id="loginForm">
...
</form>

login.xhtml AFTER Primefaces / JSF

<h:form id="loginForm">         
    <h:outputLabel for="j_username" value="User" /> 
    <p:inputText id="j_username" required="true" value="#{loginBean.username}"></p:inputText>

    <h:outputLabel for="j_password" value="Password" /> 
    <p:password id="j_password" required="true" value="#{loginBean.password}"></p:password>             

    <h:commandButton type="submit" id="loginButton" action="#{loginBean.doLogin}" value="LOGIN" />              
</h:form>

securityContext.xml

<security:http use-expressions="true">
    <security:intercept-url pattern="/login.xhtml" access="isAnonymous()" />
    <security:intercept-url pattern="/index.xhtml" access="isAuthenticated()" />

    <security:form-login login-processing-url="/j_spring_security_check" 
                         login-page="/login.xhtml"          
                         authentication-failure-handler-ref="authenticationFailureHandler"  
                         default-target-url="/index.xhtml"      
                         always-use-default-target="true" />
     ...
</security:http>

LoginBean.java

public String doLogin() throws IOException, ServletException {

       try {

           ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
           RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("/j_spring_security_check");              
           dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse());
           FacesContext.getCurrentInstance().responseComplete();

           return "/index?faces-redirect=true";          

       } 

       ...

}

web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

faces-config.xml

<managed-bean>
    <managed-bean-name>loginBackingBean</managed-bean-name>
    <managed-bean-class>my.project.jsf.beans.LoginBean</managed-bean-class>
    <managed-bean-scope>request</managed-bean-scope>    
</managed-bean> 

Part of the stack trace

<SecurityContext is empty or anonymous - context will not be stored in HttpSession. >
SEVERE: Servlet.service() for servlet Faces Servlet threw exception
java.lang.IllegalStateException
    at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)

1 answer:

Answer 0: (score: 0)

Solved. The problem was related to the redirect of the page after login. I used the following line of code:

FacesContext.getCurrentInstance().getExternalContext().redirect("inicio.xhtml");

I got this idea after reading the post.

LoginBean.java looks like this:

public String doLogin() throws IOException, ServletException {

       try {

           ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
           RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("/j_spring_security_check");              
           dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse());
           FacesContext.getCurrentInstance().responseComplete();
           FacesContext.getCurrentInstance().getExternalContext().redirect("inicio.xhtml");   

           return null; // response already completed, so no JSF navigation outcome

       } 

       ...

}
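
An alternative to the forward shown above, as an added example that is not part of the original post or the answerer's code: authenticate against the AuthenticationManager inside the bean, so the bean issues the only redirect. The class name ProgrammaticLoginBean and the injected authenticationManager property are assumptions; the bean is assumed to be request-scoped and /login.xhtml to pass through springSecurityFilterChain, as in the web.xml above.

```java
import java.io.IOException;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;

// Hypothetical bean: the class name and the authenticationManager property are assumptions.
public class ProgrammaticLoginBean {
    private String username;
    private String password;
    private AuthenticationManager authenticationManager; // assumed wired to the LDAP provider

    public void doLogin() throws IOException {
        FacesContext faces = FacesContext.getCurrentInstance();
        ExternalContext ext = faces.getExternalContext();
        try {
            // Authenticate directly, so nothing else has written to the response yet.
            Authentication auth = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            // The login filter is bypassed, so apply session-fixation protection here.
            new SessionFixationProtectionStrategy().onAuthentication(auth,
                    (HttpServletRequest) ext.getRequest(),
                    (HttpServletResponse) ext.getResponse());
            // SecurityContextPersistenceFilter stores this context in the HttpSession.
            SecurityContextHolder.getContext().setAuthentication(auth);
            // Exactly one redirect; ExternalContext.redirect also completes the response.
            ext.redirect(ext.getRequestContextPath() + "/index.xhtml");
        } catch (AuthenticationException e) {
            // Generic message: do not reveal whether the user or the password was wrong.
            faces.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Login failed", null));
        } finally {
            password = null; // do not keep the credential on the bean
        }
    }
    public String getUsername() { return username; }
    public void setUsername(String v) { username = v; }
    public String getPassword() { return password; }
    public void setPassword(String v) { password = v; }
    public void setAuthenticationManager(AuthenticationManager m) { authenticationManager = m; }
}
```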