我目前正在使用 PrimeFaces 构建一个原型,并参考我们当前生产运行的 Java Web 应用程序(jsp - servlet - java)。我对 PrimeFaces 的水印组件有一个小问题。
在 login.jsf 中有两个 InputText 组件——“用户名”和“密码”。每个 InputText 都有 2 个 Watermark 组件。
一切都很好,直到我在 web.xml 中添加了过滤器。在过滤器中,指定如果请求URL不是“login.jsf”;以及以“.js.jsf”和“.js”结尾的任何内容;以及任何包含“.css”、“.png”和“.gif”的内容,以验证用户是否登录。如果用户未登录,过滤器将重定向到 logout.jsf。
logout.jsf 是一个简单的页面,带有指向 login.jsf 的 CommandLink”。通过单击链接,它将用户带到 login.jsf 页面,但不显示水印。但如果直接访问 login.jsf通过在浏览器地址栏中键入它,水印就会显示出来。
当我单击将我带到 login.jsf 的链接时,为什么不显示水印我正在摸不着头脑。有没有被我屏蔽的资源?还是我做错了过滤器?
我使用的库是 PrimeFaces 3.3.1、GlassFish 3.1.2.2、Java JDK 6u32。
登录.xhtml
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:p="http://primefaces.org/ui"
xmlns:f="http://java.sun.com/jsf/core">
<h:head>
<title>PROFITEDI Login</title>
<h:outputStylesheet name="styles.css" library="css" />
</h:head>
<h:body>
<h:form id="frmLogin">
<p:panel styleClass="panelLogin">
<p:messages id="messages" autoUpdate="true" />
<f:facet name="header">
<h:outputText value="Login" />
</f:facet>
<h:panelGrid columns="2" cellpadding="5">
<p:inputText id="username" value="#{loginController.username}" required="true" />
<p:watermark for="username" value="User ID" />
<p:password id="password" value="#{loginController.password}" required="true" />
<p:watermark for="password" value="Password" />
<p:outputLabel value="Remember Me" for="rememberme" />
<p:selectBooleanCheckbox id="rememberme" value="#{loginController.rememberme}" />
</h:panelGrid>
<f:facet name="footer">
<h:panelGroup>
<p:commandButton id="btnReset" type="Reset" value="Reset" />
<p:spacer width="10" />
<p:commandButton id="btnLogin" type="Submit" value="Submit"
action="#{loginController.doLogin}" />
</h:panelGroup>
</f:facet>
</p:panel>
</h:form>
</h:body>
注销.xhtml
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:p="http://primefaces.org/ui">
<h:head>
<title>PROFITEDI - Logout</title>
</h:head>
<h:body>
<h:form id="frmLogout">
You have been logged-out. Click here to <p:commandLink value="login" type="button" action="login" /> again.
</h:form>
</h:body>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Context Param -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<!-- this is to treat empty fields as NULL instead of blank. -->
<context-param>
<param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
<param-value>true</param-value>
</context-param>
<!-- Servlet -->
<servlet>
<servlet-name>facesServlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>facesServlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<!-- Welcome file -->
<welcome-file-list>
<welcome-file>index.jsf</welcome-file>
</welcome-file-list>
<!-- Session Configuration -->
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<!-- Listener -->
<listener>
<listener-class>com.qrra.PROFIT.web.SessionListener</listener-class>
</listener>
<!-- URL Filter -->
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.qrra.PROFIT.web.SecurityFilter</filter-class>
<init-param>
<param-name>PAGE_LOGIN</param-name>
<param-value>login.jsf</param-value>
</init-param>
<init-param>
<param-name>PAGE_LOGOUT</param-name>
<param-value>logout.jsf</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
安全过滤器
package com.qrra.PROFIT.web;
import com.qrra.util.QRUtil;
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.FilterChain;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import qrcom.webedi.ejb.AduserFacade;
import qrcom.webedi.jpa.Aduser;
/**
*
* @author Alvin Sim
*/
public class SecurityFilter extends GenericFilter {
// Actions ---------------------------------------------------------------------------------------------------------
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpServletRequest;
HttpServletResponse httpServletResponse;
String pageLogin;
String pageLogout;
String requestUrl;
if (request instanceof HttpServletRequest) {
httpServletRequest = (HttpServletRequest) request;
httpServletResponse = (HttpServletResponse) response;
pageLogin = (String) httpServletRequest.getAttribute("PAGE_LOGIN");
pageLogout = (String) httpServletRequest.getAttribute("PAGE_LOGOUT");
requestUrl = (String) httpServletRequest.getRequestURI();
if (QRUtil.isStringEmpty(pageLogin)) {
pageLogin = "/login.jsf";
}
if (QRUtil.isStringEmpty(pageLogout)) {
pageLogout = "/logout.jsf";
}
// logger.debug("requested URL: {}", requestUrl);
if (requestUrl.endsWith(pageLogin) == false && requestUrl.endsWith(".js.jsf") == false
&& requestUrl.contains(".css") == false && requestUrl.contains(".gif") == false
&& requestUrl.contains(".png") == false && requestUrl.endsWith(".js") == false) {
logger.debug("URL blocked: {}", requestUrl);
if (verifyUser(httpServletRequest, httpServletResponse) == false) {
gotoLogoutPage(httpServletRequest, httpServletResponse, pageLogout);
}
}
}
chain.doFilter(request, response);
}
private void gotoLogoutPage(HttpServletRequest request, HttpServletResponse response, String pageLogout)
throws IOException, ServletException {
RequestDispatcher dispatcher = request.getSession().getServletContext().getRequestDispatcher(pageLogout);
dispatcher.forward(request, response);
}
private boolean verifyUser(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
Aduser aduser = (Aduser) request.getSession().getAttribute("aduser");
if (aduser == null || QRUtil.isStringEmpty(aduser.getUsrId()) == false
|| request.isRequestedSessionIdValid() == false) {
logger.debug("Invalid user session. Proceed to logout user {}.", (aduser == null) ? "" : aduser.getUsrId());
return false;
}
else {
return true;
}
}
// Services --------------------------------------------------------------------------------------------------------
@EJB
private AduserFacade aduserFacade;
// Constants -------------------------------------------------------------------------------------------------------
private final Logger logger = LoggerFactory.getLogger(SecurityFilter.class);
}
通用过滤器
package com.qrra.PROFIT.web;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
*
* @author Alvin Sim
*/
public class GenericFilter implements Filter {
@Override
public void destroy() {
this.filterConfig = null;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
protected FilterConfig filterConfig = null;
}