下面是我的 web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the "Portal" JSF application.
  No <security-constraint> is declared here: access control is enforced only by the
  PhaseListener registered in faces-config.xml (com.ravij.security.AuthorizationListener),
  which checks for a "username" session attribute on every request.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Portal</display-name>
<!-- NOTE(review): "Development" stage makes JSF emit verbose diagnostics in error output;
     switch to "Production" for a deployed build. -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>cupertino</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<welcome-file-list>
<welcome-file>/faces/index.xhtml</welcome-file>
</welcome-file-list>
<!-- Map these files with JSF: both the /faces/* prefix and the *.xhtml suffix reach the
     FacesServlet, so a page is addressable as /faces/index.xhtml and as /index.xhtml. -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<!-- Idle sessions expire after 30 minutes; the "username" attribute is lost with them. -->
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<!-- An expired view (e.g. a postback after session timeout) is sent to the login page. -->
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/faces/index.xhtml</location>
</error-page>
</web-app>
faces-config.xml -
<?xml version="1.0" encoding="UTF-8"?>
<!--
  JSF 2.0 configuration for the Portal application: three managed beans, the
  navigation rules driven by the outcomes returned from User.login()/logout(),
  and the authorization phase listener.
-->
<faces-config xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
version="2.0">
<!-- "user" is session-scoped, so the bean instance (and any field left in it) lives for
     the whole HTTP session; "menu" and "item" are recreated on every request. -->
<managed-bean>
<managed-bean-name>user</managed-bean-name>
<managed-bean-class>com.ravij.User</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
<managed-bean>
<managed-bean-name>menu</managed-bean-name>
<managed-bean-class>com.ravij.Menu</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
<managed-bean>
<managed-bean-name>item</managed-bean-name>
<managed-bean-class>com.ravij.Item</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
<!-- NOTE(review): JSF view ids normally do not include the servlet prefix mapping; a
     request for /faces/index.xhtml is usually reported with the view id /index.xhtml.
     If that holds here, from-view-id="/faces/*" never matches and a to-view-id of
     "/faces/index.xhtml" may be rendered under /faces/faces/... - confirm the actual
     view ids (e.g. via FacesContext.getViewRoot().getViewId()) before relying on these
     rules. LOGIN_PAGE is the outcome the AuthorizationListener uses for unauthenticated
     requests. -->
<navigation-rule>
<from-view-id>/faces/*</from-view-id>
<navigation-case>
<from-outcome>LOGIN_PAGE</from-outcome>
<to-view-id>/faces/index.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<!-- LOGOUT uses a redirect so the browser URL and any cached POST state are replaced. -->
<navigation-rule>
<from-view-id>/faces/*</from-view-id>
<navigation-case>
<from-outcome>LOGOUT</from-outcome>
<to-view-id>/faces/index.xhtml?faces-redirect=true</to-view-id>
</navigation-case>
</navigation-rule>
<!-- Outcomes returned by User.login(): INVALID_USER stays on the login page,
     NORMAL_USER and ADMIN_USER go to the home and admin views. -->
<navigation-rule>
<from-view-id>/faces/index.xhtml</from-view-id>
<navigation-case>
<from-outcome>INVALID_USER</from-outcome>
<to-view-id>/faces/index.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<navigation-rule>
<from-view-id>/faces/index.xhtml</from-view-id>
<navigation-case>
<from-outcome>NORMAL_USER</from-outcome>
<to-view-id>/faces/home.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<navigation-rule>
<from-view-id>/faces/index.xhtml</from-view-id>
<navigation-case>
<from-outcome>ADMIN_USER</from-outcome>
<to-view-id>/faces/admin.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<!-- The listener runs after RESTORE_VIEW on every request and is the only access check;
     it verifies a session "username" exists but does not distinguish admin from normal
     users, so admin.xhtml is not role-protected by this configuration alone. -->
<lifecycle>
<phase-listener>com.ravij.security.AuthorizationListener</phase-listener>
</lifecycle>
</faces-config>
Phase listener AuthorizationListener
在下面-
package com.ravij.security;
import javax.faces.application.NavigationHandler;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpSession;
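public class AuthorizationListener implements PhaseListener {

    private static final long serialVersionUID = 1L;

    /** Session attribute holding the logged-in user name; written by {@code User.login()}. */
    private static final String USER_ATTRIBUTE = "username";

    /** Navigation outcome that faces-config.xml maps to the login view. */
    private static final String LOGIN_OUTCOME = "LOGIN_PAGE";

    /**
     * Enforces authentication after RESTORE_VIEW.
     *
     * <p>Every view except the login page requires an existing session whose
     * {@code username} attribute is a non-empty value; otherwise the request is
     * navigated to {@code LOGIN_PAGE}. The login page itself is always allowed
     * through, including when no session exists yet (the original code navigated
     * a session-less visitor of the login page to the login page again).
     *
     * <p>NOTE(review): this is an authentication check only. It does not look at
     * the user's role, so as far as this listener is concerned the admin view is
     * reachable by any logged-in user; a role check would need a session
     * attribute that records the admin flag.
     *
     * @param event the phase event; its FacesContext supplies the view and session
     */
    @Override
    public void afterPhase(PhaseEvent event) {
        FacesContext facesContext = event.getFacesContext();

        // A missing view root would have thrown NPE before; treat it as "not the
        // login page" so the authentication requirement still applies.
        String currentPage = null;
        if (facesContext.getViewRoot() != null) {
            currentPage = facesContext.getViewRoot().getViewId();
        }
        // Substring match as in the original: any view id containing
        // "index.xhtml" counts as the login page. Comparing against the exact
        // login view id would be stricter.
        boolean isLoginPage = currentPage != null
                && currentPage.lastIndexOf("index.xhtml") > -1;
        if (isLoginPage) {
            return;
        }

        // getSession(false) never creates a session; no session means "not logged in".
        HttpSession session = (HttpSession) facesContext.getExternalContext()
                .getSession(false);
        if (!isAuthenticated(session)) {
            NavigationHandler nh = facesContext.getApplication()
                    .getNavigationHandler();
            nh.handleNavigation(facesContext, null, LOGIN_OUTCOME);
        }
    }

    /**
     * Returns whether {@code session} carries a non-empty {@code username}.
     *
     * <p>Uses {@code "".equals(...)} instead of the original reference comparison
     * {@code currentUser == ""}, which only matched the interned literal and not
     * an empty string built at runtime.
     *
     * @param session the current session, or {@code null} when none exists
     */
    private static boolean isAuthenticated(HttpSession session) {
        if (session == null) {
            return false;
        }
        Object currentUser = session.getAttribute(USER_ATTRIBUTE);
        return currentUser != null && !"".equals(currentUser);
    }

    /** Nothing to do before RESTORE_VIEW. */
    @Override
    public void beforePhase(PhaseEvent event) {
    }

    /** The check is attached to RESTORE_VIEW, the first phase of the JSF lifecycle. */
    @Override
    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW;
    }
}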
用户 Bean 如下 -
package com.ravij;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
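/**
 * Session-scoped managed bean {@code user} (see faces-config.xml): holds the
 * login form fields and performs login/logout.
 *
 * <p>{@code isAdmin} is kept as the String {@code "true"}/other, matching the
 * value compared in {@link #login()}.
 */
public class User implements Serializable {
    private static final long serialVersionUID = 1L;

    /** Session-map key read by the AuthorizationListener to decide whether a user is logged in. */
    private static final String SESSION_USER_KEY = "username";

    private String username;
    private String password;
    private String email;
    private String isAdmin;

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getIsAdmin() {
        return isAdmin;
    }

    public void setIsAdmin(String isAdmin) {
        this.isAdmin = isAdmin;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Invalidates the HTTP session (dropping the {@code username} attribute and
     * this bean) and returns the {@code LOGOUT} outcome, which faces-config.xml
     * maps to a redirect to the login page.
     *
     * @return the navigation outcome {@code "LOGOUT"}
     */
    public String logout() {
        // FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_INFO,
        // "Thank you", "You are successfully Logged out!");
        // FacesContext.getCurrentInstance().addMessage(null, msg);
        // index.xhtml?faces-redirect=true
        FacesContext.getCurrentInstance().getExternalContext()
                .invalidateSession();
        return "LOGOUT";
    }

    /** Blanks every form field so the submitted password does not linger in the session bean. */
    private void resetAllFields() {
        setEmail("");
        setIsAdmin("");
        setPassword("");
        setUsername("");
    }

    /**
     * Checks the submitted credentials against the database record and, on
     * success, records the user name in the session map.
     *
     * <p>Fix: the original called {@code resetAllFields()} before storing
     * {@code username} in the session, so the session received {@code ""} and the
     * AuthorizationListener treated every freshly logged-in user as anonymous.
     * The name is now captured before the fields are cleared.
     *
     * <p>NOTE(review): the session is not renewed on successful login; consider
     * invalidating it or changing the session id before storing the user name.
     * The imports suggest {@code hash} is a bare MessageDigest of the password -
     * a dedicated password hash (bcrypt/scrypt/argon2) would be preferable; confirm
     * how {@code hash} is computed (not shown here).
     *
     * @return {@code "ADMIN_USER"}, {@code "NORMAL_USER"} or {@code "INVALID_USER"}
     */
    public String login() {
        // userFromDB is fetched from DB (Hibernate) and hash is the digest of the
        // submitted password; both are produced elsewhere in this class and are
        // not part of this excerpt.
        boolean credentialsMatch = username != null && password != null
                && userFromDB != null
                && username.equals(userFromDB.getUsername())
                && passwordHashMatches(hash, userFromDB.getPassword());
        if (!credentialsMatch) {
            FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_WARN,
                    "Login Error", "Invalid credentials");
            FacesContext.getCurrentInstance().addMessage(null, msg);
            return "INVALID_USER";
        }

        // Capture what is needed before resetAllFields() blanks the fields.
        String authenticatedUser = username;
        // "true".equals(...) tolerates a null isAdmin column instead of throwing NPE.
        boolean admin = "true".equals(userFromDB.getIsAdmin());
        resetAllFields();
        FacesContext.getCurrentInstance().getExternalContext()
                .getSessionMap().put(SESSION_USER_KEY, authenticatedUser);
        return admin ? "ADMIN_USER" : "NORMAL_USER";
    }

    /**
     * Compares two hash strings in constant time so the comparison duration does
     * not depend on how many leading characters match.
     *
     * @param submittedHash hash of the password the user typed
     * @param storedHash    hash stored for the account
     * @return {@code true} only if both are non-null and byte-for-byte equal
     */
    private static boolean passwordHashMatches(String submittedHash, String storedHash) {
        if (submittedHash == null || storedHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                submittedHash.getBytes(StandardCharsets.UTF_8),
                storedHash.getBytes(StandardCharsets.UTF_8));
    }
}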