我正在使用JAAS对访问我的Web应用程序的受保护区域的用户进行身份验证。登录页面如下所示:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core">
<h:head>
<meta http-equiv="Content-Type" content="text/html; UTF-8" />
<title>Test</title>
</h:head>
<h:body>
<ui:composition template="template/common/commonLayout.xhtml">
<ui:define name="content">
<form name="loginForm" method="post" action="j_security_check">
<table>
<tr>
<td colspan="2">Login to the your application:</td>
</tr>
<tr>
<td>Select something:</td>
<td><h:selectOneMenu>
<f:selectItems value="#{loginScreenBean.listSomething}" />
</h:selectOneMenu><br /></td>
</tr>
<tr>
<td>Name:</td>
<td><input type="text" name="j_username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Go" /></td>
</tr>
</table>
</form>
</ui:define>
</ui:composition>
</h:body>
</html>
我的web-xml看起来像这样:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>patchit</display-name>
<welcome-file-list>
<welcome-file>test.html</welcome-file>
</welcome-file-list>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/login-error.xhtml</form-error-page>
</form-login-config>
</login-config>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>resources.application</param-value>
</context-param>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
</web-app>
我的jaas配置看起来像这样:
CustomLogin {
de.kungfuzius.test.security.SimpleLoginModule
sufficient;
};
所以当我在contextpath / protected / test.xhtml这样的受保护区域中打开一个页面时,我会看到login.xhtml和登录表单。一旦我点击提交按钮,用户就会被验证,但不是被转发/重定向到最初请求的页面,而是被重定向到contextpath / protected / RES_NOT_FOUND。为了检查用户是否真的经过身份验证,我尝试再次访问contextpath / protected / test.xhtml。
非常感谢任何帮助。
谢谢!
答案 0 :(得分:3)
当我删除对样式表的引用时,它可以工作!!!