重定向到登录页面后AuthenticationFilter,我想注销用户。
这就是为什么,我把identity.logout();我的预渲染方法checkPermission(...).login.xhtml
但是,ViewExpiredException当用户再次登录时,我得到了。
我的问题是
1:如果我不这样做identity.logout();,由于旧用户会话仍然存在,用户再次重新登录。
2:如果我这样做identity.logout();,我会ViewExpiredException在用户再次登录时得到。
AuthenticationFilter.java
public class AuthenticationFilter implements Filter {
.....
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
HttpSession session = httpRequest.getSession();
User user = (User) session.getAttribute(Constants.LOGIN_USER);
if (user == null) {
session.setAttribute(Constants.MESSAGE_ID, MessageId.REQUIRED_TO_LOGIN);
String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE;
httpResponse.sendRedirect(loginView);
} else if (!user.getRole().equals(Role.SYSTEM_ADMINISTRATOR)) {
System.out.println("User Role : " + user.getRole());
session.setAttribute(Constants.MESSAGE_ID, MessageId.REQUIRED_TO_ADMIN_ROLE);
String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE;
httpResponse.sendRedirect(loginView);
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
servletContext.log("Exiting the filter");
}
public void destroy() {
}
}
登录.xhtml
....
<f:event listener="#{LoginBean.checkPermission}" type="preRenderView" />
....
登录Bean.java
@Scope(ScopeType.EVENT)
@Name("LoginBean")
public class LoginBean extends BaseBean {
....
public boolean authenticate() {
....
}
public void checkPermission(ComponentSystemEvent event) {
FacesContext context = getFacesContext();
ExternalContext extContext = context.getExternalContext();
String messageId = (String) extContext.getSessionMap().remove(Constants.MESSAGE_ID);
if(messageId != null) {
identity.logout();
addMessage(null, FacesMessage.SEVERITY_ERROR, messageId);
}
}
}