我一直试图将自己的身份验证作为后续进行正确身份验证(通过J2EE身份验证或Shiro)的垫脚石。但是我遇到了一个问题,当我的用户登录时,他们都登录到同一个会话。我可以看到数据是相同的,jsessionid匹配也在Chrome开发工具中。
我无法创建一个会话,如果它已经存在,如果我使它无效,它将使其他用户会话无效,因为它们是相同的,所以我不知道如何解决这个问题。欢迎任何建议。
这是我的登录视图bean:
@ManagedBean
@RequestScoped
public class LoginView implements Serializable {
private static final long serialVersionUID = -2871644685227380013L;
private String username;
private String password;
@EJB
private myApp.ejb.LoginRequest request;
private static final Logger logger = Logger.getLogger("myApp.ejb.LoginView");
public String getUsername() {
return username;
}
public void setUsername(String userName) {
this.username = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(password.getBytes("UTF-8"));
byte byteData[] = md.digest();
//convert the byte to hex format
StringBuffer sb = new StringBuffer();
for (int i = 0; i < byteData.length; i++) {
sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
}
this.password = sb.toString();
}
public void login(ActionEvent event) {
RequestContext requestContext = RequestContext.getCurrentInstance();
FacesContext context = FacesContext.getCurrentInstance();
boolean loggedIn = false;
User user = request.findUser(username);
if(user.getPassword().equals(this.getPassword()))
{
loggedIn = true;
context.getExternalContext().getSession(false);
context.getExternalContext().getSessionMap().put("user", user);
logger.log(Level.INFO, "put user {0}",
new Object[]{user.getUserId()});
logger.log(Level.INFO, "session id {0}",
new Object[]{context.getExternalContext().getSessionId(false)});
requestContext.addCallbackParam("loggedIn", loggedIn);
}
}
}
这是我的login.xhtml表单和回调:
<h:form>
<h:outputLink value="javascript:void(0)" onclick="PF('dlg').show();" title="login">
<p:graphicImage name="/demo/images/login.png" />
</h:outputLink>
<p:dialog header="Login" widgetVar="dlg" resizable="false">
<h:panelGrid columns="2" cellpadding="5">
<h:outputLabel for="username" value="Username:" />
<p:inputText id="username" value="#{loginView.username}" required="true" label="username" />
<h:outputLabel for="password" value="Password:" />
<p:password id="password" value="#{loginView.password}" required="true" label="password" />
<f:facet name="footer">
<p:commandButton value="Login" actionListener="#{loginView.login}"
oncomplete="handleLoginRequest(xhr, status, args)" />
</f:facet>
</h:panelGrid>
</p:dialog>
</h:form>
<script type="text/javascript">
function handleLoginRequest(xhr, status, args) {
if(args.validationFailed || !args.loggedIn) {
PF('dlg').jq.effect("shake", {times:5}, 100);
}
else {
PF('dlg').hide();
$('#loginLink').fadeOut();
window.location = "http://localhost:8080/myapp/index.xhtml"
}
}
</script>