登录后java JSF刷新页面返回登录页面
我在JSF应用程序中使用容器管理的安全性。我能够成功登录并进入我的保护区。如果我点击浏览器刷新,尽管我返回我的登录页面。据我推断,由于某种原因,经过身份验证的会话正在丢失,这导致我被重定向到登录页面
为了确保你理解我的问题: 1) 进入保护区,显示登录页面 2) 放置凭据并单击登录 3) 提供了经过身份验证和保护的jsf页面 4) 点击刷新,登录页面显示
我记录了请求会话id,它们正在更改
网络。xml(相关部分)
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
<url-pattern>/mappings/service/*</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>IESI Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/mappings/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>IESI</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ApplicationRealm</realm-name>
<form-login-config>
<form-login-page>/index.xhtml</form-login-page>
<form-error-page>/logout.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>IESI</role-name>
</security-role>
<session-config>
<session-timeout>30</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
验证器
@ManagedBean
@SessionScoped
public class Authenticator
{
private static final Logger LOGGER = LoggerFactory.getLogger(Authenticator.class);
private String username;
private String password;
public String getUsername()
{
return username;
}
public void setUsername(String username)
{
this.username = username;
}
public String getPassword()
{
return password;
}
public void setPassword(String password)
{
this.password = password;
}
public String login()
{
final FacesContext context = FacesContext.getCurrentInstance();
final HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
try
{
final Principal userPrincipal = request.getUserPrincipal();
if (userPrincipal != null)
{
request.logout();
}
request.login(username, password);
context.getExternalContext().getSessionMap().put("user", request.getUserPrincipal());
final Principal principal = request.getUserPrincipal();
LOGGER.debug("Authenticated user: " + principal.getName());
if(request.isUserInRole("IESI"))
{
return "/mappings/mappings.xhtml?faces-redirect=true";
}
else
{
return "login";
}
}
catch (final ServletException e)
{
context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Login failed!", null));
return "login";
}
}
public String logout()
{
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
return "login";
}
PhaseListener
public class AuthorizationListener
implements PhaseListener
{
private static final long serialVersionUID = 1L;
@Override
public void afterPhase(final PhaseEvent event)
{
final FacesContext facesContext = event.getFacesContext();
final String currentPage = facesContext.getViewRoot().getViewId();
final boolean isLoginPage = (currentPage.lastIndexOf("index.xhtml") > -1);
final HttpSession session = (HttpSession) facesContext.getExternalContext().getSession(false);
if (session == null)
{
final NavigationHandler nh = facesContext.getApplication().getNavigationHandler();
nh.handleNavigation(facesContext, null, "login");
}
else
{
final Object currentUser = session.getAttribute("user");
if (!isLoginPage && ((currentUser == null) || (currentUser == "")))
{
System.out.println("PHASE: USER IS NULL");
final NavigationHandler nh = facesContext.getApplication().getNavigationHandler();
nh.handleNavigation(facesContext, null, "login");
}
}
}
@Override
public void beforePhase(final PhaseEvent event)
{
}
@Override
public PhaseId getPhaseId()
{
return PhaseId.RESTORE_VIEW;
}
}
共 (0) 个答案