我有一个由JSF页面+托管bean + EJB组成的登录机制,它工作正常,但唯一的错误是当密码输入错误时我没有看到错误消息。有什么想法吗?
如果密码输入错误,这就是我在浏览器中获得的信息:
如果我不在EJB中的catch中抛出ValidationException(参见下面的EJB代码),我可以避免这种情况,但是当密码输入错误时,我根本看不到表单中的任何验证消息。 / p>
这是页面上表单的代码:
<h:form>
<p:panel>
<h:outputText value="*Em@il:" />
<h:inputText id="email" value="#{securityController.email}" binding="#{emailComponent}"/>
<br/>
<h:outputText value="*Lozinka: " />
<h:inputSecret id="password" value="#{securityController.password}" validator="#{securityController.validate}">
<f:attribute name="emailComponent" value="#{emailComponent}" />
</h:inputSecret>
<br/>
<span style="color: red;"><h:message for="password"
showDetail="true" /></span>
<br/>
<h:commandButton value="Login" action="#{securityController.logIn()}"/>
</p:panel>
</h:form>
这是managedBean的代码:
@ManagedBean
@RequestScoped
public class SecurityController {
@EJB
private IAuthentificationEJB authentificationEJB;
private String email;
private String password;
private String notificationValue;
public String logIn() {
if (authentificationEJB.saveUserState(email, password)) {
notificationValue = "Dobro dosli";
return "main.xhtml";
} else {
return "";
}
}
public void validate(FacesContext context, UIComponent component,
Object value) throws ValidatorException {
UIInput emailComponent = (UIInput) component.getAttributes().get(
"emailComponent");
String email = "";
String password = "";
email = (String) emailComponent.getValue();
password = (String) value;
String emailInput = email;
String emailPatternText = "^[_A-Za-z0-9-]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$";
Pattern emailPattern = null;
Matcher emailMatcher = null;
emailPattern = Pattern.compile(emailPatternText);
emailMatcher = emailPattern.matcher(emailInput);
String passwordInput = password;
String alphanumericPattern = "^[a-zA-Z0-9]+$";
Pattern passwordPattern = null;
Matcher passwordMatcher = null;
passwordPattern = Pattern.compile(alphanumericPattern);
passwordMatcher = passwordPattern.matcher(passwordInput);
if (!emailMatcher.matches() && !passwordMatcher.matches()) {
if (authentificationEJB.checkCredentials(emailInput, passwordInput) == false) {
FacesMessage msg = new FacesMessage(
"Pogresan email ili lozinka");
throw new ValidatorException(msg);
}
}
if(emailInput == null || passwordInput == null) {
FacesMessage msg = new FacesMessage("Pogresan email ili lozinka");
throw new ValidatorException(msg);
}
if (passwordInput.length() <= 0 || emailInput.length() <= 0) {
FacesMessage msg = new FacesMessage("Pogresan email ili lozinka");
throw new ValidatorException(msg);
}
}
public String getEmail() {
return email;
}
public String getPassword() {
return password;
}
public void setEmail(String email) {
this.email = email;
}
public void setPassword(String password) {
this.password = password;
}
public String getNotificationValue() {
return notificationValue;
}
public void setNotificationValue(String notificationValue) {
this.notificationValue = notificationValue;
}
}
这是EJB的代码
@Stateful(name = "ejbs/AuthentificationEJB")
public class AuthentificationEJB implements IAuthentificationEJB {
@PersistenceContext
private EntityManager em;
// Login
public boolean saveUserState(String email, String password) {
// 1-Send query to database to see if that user exist
Query query = em
.createQuery("SELECT r FROM Role r WHERE r.email=:emailparam AND r.password=:passwordparam");
query.setParameter("emailparam", email);
query.setParameter("passwordparam", password);
// 2-If the query returns the user(Role) object, store it somewhere in
// the session
try {
Role role = (Role) query.getSingleResult();
if (role != null && role.getEmail().equals(email)
&& role.getPassword().equals(password)) {
FacesContext.getCurrentInstance().getExternalContext()
.getSessionMap().put("userRole", role);
// 3-return true if the user state was saved
System.out.println(role.getEmail() + role.getPassword());
return true;
}
} catch (Exception e) {
FacesMessage msg = new FacesMessage("Pogresan email ili lozinka");
throw new ValidatorException(msg);
}
// 4-return false otherwise
return false;
}
// Logout
public void releaseUserState() {
// 1-Check if there is something saved in the session(or wherever the
// state is saved)
if (!FacesContext.getCurrentInstance().getExternalContext()
.getSessionMap().isEmpty()) {
FacesContext.getCurrentInstance().release();
}
// 2-If 1 then flush it
}
// Check if user is logged in
public boolean checkAuthentificationStatus() {
// 1-Check if there is something saved in the session(This means the
// user is logged in)
if ((FacesContext.getCurrentInstance().getExternalContext()
.getSessionMap().get("userRole") != null)) {
// 2-If there is not a user already loged, then return false
return true;
}
return false;
}
@Override
public boolean checkCredentials(String email, String password) {
Query checkEmailExists = em
.createQuery("SELECT COUNT(r.email) FROM Role r WHERE r.email=:emailparam AND r.password=:passwordparam");
checkEmailExists.setParameter("emailparam", email);
checkEmailExists.setParameter("passwordparam", password);
long matchCounter = 0;
matchCounter = (Long) checkEmailExists.getSingleResult();
if (matchCounter > 0) {
return true;
}
return false;
}
}
在EJB中,我认为如果我在catch块中抛出ValidationException会出错,因为我认为在前端显示错误消息应该是托管bean的任务。我不明白为什么表单不显示错误,因为当密码错误时字段为空时(当电子邮件错误时,它会正确显示验证消息)。
更新
将EJB的saveUserState()方法更改为:
// Login
public boolean saveUserState(String email, String password) {
// 1-Send query to database to see if that user exist
Query query = em
.createQuery("SELECT r FROM Role r WHERE r.email=:emailparam AND r.password=:passwordparam");
query.setParameter("emailparam", email);
query.setParameter("passwordparam", password);
// 2-If the query returns the user(Role) object, store it somewhere in
// the session
List<Object> tmpList = query.getResultList();
if (tmpList.isEmpty() == false) {
Role role = (Role) tmpList.get(0);
if (role != null && role.getEmail().equals(email)
&& role.getPassword().equals(password)) {
FacesContext.getCurrentInstance().getExternalContext()
.getSessionMap().put("userRole", role);
// 3-return true if the user state was saved
System.out.println(role.getEmail() + role.getPassword());
return true;
}
}
// 4-return false otherwise
return false;
}
支票凭证方法:
public boolean checkCredentials(String email, String password) {
Query checkEmailExists = em
.createQuery("SELECT COUNT(r) FROM Role r WHERE r.email=:emailparam AND r.password=:passwordparam");
checkEmailExists.setParameter("emailparam", email);
checkEmailExists.setParameter("passwordparam", password);
int matchCounter = 0;
matchCounter = checkEmailExists.getResultList().size();
if (matchCounter == 1) {
return true;
}
return false;
}
答案 0 :(得分:1)
您不应该将JSF ValidatorException
放在EJB方法中,而应放在JSF validate()
方法中。
我不确定导致此异常的EJB出了什么问题,可能getSingleResult()
根本没有返回单个结果(因此为零或多个)。您需要相应地更改/处理此问题,方法是使用getResultList()
或修改数据模型,以便用户没有单一角色。我认为你只需要getResultList()
,因为你显然允许null
结果。