0

我正在使用 JSF 创建一些用户授权/检查,然后在安全 / 目录下输入特定页面,但没有成功......我尝试了 phaselistener 和 filter 但仍然......非常欢迎任何帮助。

我正在使用 Eclipse Juno。

我的 web.xml 如下:

<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>login.security.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping> 
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>

AuthorizationFilter 看起来像这样:

public class AuthorizationFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain  chain) throws ServletException, IOException {    
HttpServletRequest req = (HttpServletRequest) request;
login.Login_bean login_bean = (login.Login_bean)
req.getSession().getAttribute("username");
if (login_bean != null && login_bean.isLoggedIn()) {
chain.doFilter(request, response);
} else {
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath() + "/index.xhtml");
}
}

使用覆盖的 destroy() 和 init。它是从周围的几个站点复制/过去的。

Login_bean 是托管和会话范围的,当用户/密码对正确时,我运行了这个:

if(password.equals(dbpassword)){
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("username", username);
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("email", email);
this.visibleLogout="true";
this.visibleLogin="false";
return "valid";
}

目录结构如下:

WebContent
-> secure
    -> projects.xhtml
-> index.xhtml

index.xhtml 我想禁止访问的地方:

<p:menuitem id="projects" value="#{menuBean.projectsValue}" action="#{menuBean.navTo(projects)}" icon="ui-icon-circle-triangle-e" />.

最后 menuBean.navTo() 是:

public String navTo(String whereTo)
{
return "/secure/projects";
}

我以某种方式碰壁了..即使将 url-pattern 更改为 /faces/secure/* 我仍然被转发到 projects.xhtml

全脸-config.xml

<?xml version="1.0" encoding="UTF-8"?>

<faces-config xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd"
    version="2.1">


    <managed-bean>
        <managed-bean-name>languageBean</managed-bean-name>
        <managed-bean-class>languageControl.LanguageBean</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>

    <managed-bean>
        <managed-bean-name>menuBean</managed-bean-name>
        <managed-bean-class>menuControl.MenuBean</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>

    <navigation-rule>
        <description>login_rule</description>
        <from-view-id>/index.xhtml</from-view-id>
        <navigation-case>
            <from-action>#{login_bean.checkValidUser}</from-action>
            <from-outcome>valid</from-outcome>
            <to-view-id>/nav.xhtml</to-view-id>
        </navigation-case>
        <navigation-case>
            <from-action>#{login_bean.checkValidUser}</from-action>
            <from-outcome>invalid</from-outcome>
            <to-view-id>/index.xhtml</to-view-id>
        </navigation-case>
    </navigation-rule>

    <application>
        <locale-config>
            <default-locale>en</default-locale>
            <supported-locale>gr</supported-locale>
        </locale-config>
        <resource-bundle>
            <base-name>languageControl.messages</base-name>
            <var>msg</var>
        </resource-bundle>
    </application>
    <validator>
        <validator-id>passwordValidator</validator-id>
        <validator-class>registration.passwordValidator</validator-class>
    </validator>
    <managed-bean>
        <managed-bean-name>Login_bean</managed-bean-name>
        <managed-bean-class>login.Login_bean</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>
    <managed-bean>
        <managed-bean-name>sendMail</managed-bean-name>
        <managed-bean-class>common.sendMail</managed-bean-class>
        <managed-bean-scope>request</managed-bean-scope>
        <!-- <managed-property> <property-name>email</property-name> <value>#{sendMail.email}</value> 
            </managed-property> -->
    </managed-bean>

    <validator>
        <validator-id>EmailValidator</validator-id>
        <validator-class>registration.EmailValidator</validator-class>
    </validator>

    <managed-bean>
        <managed-bean-name>RegistrationBean</managed-bean-name>
        <managed-bean-class>registration.RegistrationBean</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>
</faces-config>

完整的 web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
    <display-name>personalSite</display-name>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

<filter>
        <filter-name>AuthorizationFilter</filter-name>
        <filter-class>login.security.AuthorizationFilter</filter-class>
 </filter>
 <filter-mapping>
        <filter-name>AuthorizationFilter</filter-name>
        <url-pattern>/secure/*</url-pattern>
 </filter-mapping> 

</web-app>
4

1 回答 1

0

你在调试器中运行它吗?我会在“doFilter()”的顶部放一个断点,看看过滤器是否正在执行。一旦你弄清楚它是否真的在执行,单步执行代码(假设它正在过滤),看看为什么逻辑没有按预期执行。如果它没有触发,您可以打赌它可能是配置中的虚假内容。

于 2012-07-28T23:19:59.003 回答