我在JSF应用程序中使用容器管理的安全性。我能够成功登录并进入我的保护区。如果我点击浏览器刷新,我会回到我的登录页面。根据我的推断,由于某种原因,经过身份验证的会话正在丢失,导致我被重定向到登录页面。
所以为了确保你理解我的问题: 1)前往保护区,显示登录页面 2)输入凭据并单击登录 3)提供经过身份验证和保护的jsf页面 4)点击刷新,登录页面显示。
我记录了每次请求的会话ID,发现它们一直在变化。
web.xml(相关部分)
172.XXX.XXX.XXX
身份验证
<!-- JSF front controller: FacesServlet is loaded at startup and handles every *.xhtml request. -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<!-- JAX-RS application mapped under /mappings/service/*. This path sits inside the
     /mappings/* pattern used by the security constraint declared in this descriptor,
     so whichever HTTP methods that constraint leaves uncovered are also left
     uncovered for these REST endpoints. -->
<servlet-mapping>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
<url-pattern>/mappings/service/*</url-pattern>
</servlet-mapping>
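<!-- Restricts everything under /mappings/* to authenticated callers holding the IESI role. -->
<security-constraint>
  <display-name>IESI Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/mappings/*</url-pattern>
    <!-- Deliberately no <http-method> elements. Listing only GET and POST makes the
         constraint apply to those two methods alone and leaves every other method
         (PUT, DELETE, HEAD, ...) on /mappings/*, including the JAX-RS endpoints under
         /mappings/service/*, reachable without authentication. Omitting the list
         makes the constraint cover all HTTP methods. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>IESI</role-name>
  </auth-constraint>
  <!-- NOTE(review): no <user-data-constraint> is declared, so the container does not
       require HTTPS for the login form or the protected pages. Confirm that TLS is
       enforced elsewhere. -->
</security-constraint>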
<!-- Form-based container authentication against the ApplicationRealm realm.
     Unauthenticated requests for a constrained resource are sent to /index.xhtml;
     a failed container login is sent to /logout.xhtml. -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ApplicationRealm</realm-name>
<form-login-config>
<form-login-page>/index.xhtml</form-login-page>
<!-- NOTE(review): the error page points at the logout view; confirm this is intended. -->
<form-error-page>/logout.xhtml</form-error-page>
</form-login-config>
</login-config>
<!-- Declares the single role referenced by the auth-constraint. -->
<security-role>
<role-name>IESI</role-name>
</security-role>
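<!-- Sessions expire after 30 minutes of inactivity and are tracked by cookie only,
     so the session id is never written into URLs. -->
<session-config>
  <session-timeout>30</session-timeout>
  <cookie-config>
    <!-- Keep the session cookie out of reach of page scripts. -->
    <http-only>true</http-only>
    <!-- NOTE(review): add <secure>true</secure> once the application is served only
         over HTTPS. On plain HTTP the browser would stop sending the cookie and every
         request would start a new session. -->
  </cookie-config>
  <tracking-mode>COOKIE</tracking-mode>
</session-config>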
的PhaseListener
@ManagedBean
@SessionScoped
public class Authenticator
{
private static final Logger LOGGER = LoggerFactory.getLogger(Authenticator.class);
private String username;
private String password;
/**
 * Returns the user name currently held by this bean.
 *
 * @return the stored user name, or {@code null} if none has been set
 */
public String getUsername() {
    return this.username;
}
/**
 * Stores the user name that {@code login()} will submit to the container.
 *
 * @param username the user name to authenticate with
 */
public void setUsername(final String username) {
    this.username = username;
}
/**
 * Returns the password currently held by this bean.
 *
 * <p>The bean is {@code @SessionScoped}, so whatever is stored here lives as long as
 * the HTTP session and is readable by anything that can reach the bean.
 *
 * @return the stored password, or {@code null} if none has been set
 */
public String getPassword() {
    return this.password;
}
/**
 * Stores the password that {@code login()} will submit to the container.
 *
 * @param password the clear-text password to authenticate with
 */
public void setPassword(final String password) {
    this.password = password;
}
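/**
 * Authenticates the current request against the container realm using the
 * user name and password held by this bean.
 *
 * <p>Any identity already attached to the request is logged out first. On success the
 * authenticated principal is stored in the session map under {@code "user"}.
 * The clear-text password is cleared from this session-scoped bean once the attempt
 * has finished, whether or not it succeeded.
 *
 * @return the redirect outcome for the protected mappings page when the caller holds
 *         the {@code IESI} role; otherwise the {@code "login"} outcome
 */
public String login()
{
    final FacesContext context = FacesContext.getCurrentInstance();
    final HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
    try
    {
        // The Servlet API makes login() fail when the request already carries an
        // identity, so drop any existing one first.
        if (request.getUserPrincipal() != null)
        {
            request.logout();
        }
        request.login(username, password);
        // NOTE(review): the session that existed before authentication is reused here.
        // Confirm the container issues a new session id on login; if it does not,
        // rotate the id at this point to rule out session fixation.
        final Principal principal = request.getUserPrincipal();
        context.getExternalContext().getSessionMap().put("user", principal);
        // Parameterized logging keeps the user-controlled name out of the format string.
        LOGGER.debug("Authenticated user: {}", principal.getName());
        if (request.isUserInRole("IESI"))
        {
            return "/mappings/mappings.xhtml?faces-redirect=true";
        }
        // NOTE(review): a caller without the IESI role stays authenticated and stays
        // in the session map; confirm that is intended rather than logging them out.
        return "login";
    }
    catch (final ServletException e)
    {
        // Record the cause for operators; the credentials themselves are never logged.
        LOGGER.debug("Container login failed", e);
        context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Login failed!", null));
        return "login";
    }
    finally
    {
        // Do not keep the clear-text password in session state after the attempt.
        password = null;
    }
}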
/**
 * Ends the current HTTP session and returns to the login view.
 *
 * <p>NOTE(review): only the session is invalidated; {@code HttpServletRequest.logout()}
 * is not called. Confirm the container drops the authenticated identity along with
 * the session.
 *
 * @return the {@code "login"} navigation outcome
 */
public String logout()
{
    final FacesContext facesContext = FacesContext.getCurrentInstance();
    facesContext.getExternalContext().invalidateSession();
    return "login";
}