我在loginform.xhtml文件中有这个 JSF 表单:
<h:form>
<h:panelGrid columns="3" styleClass="components" cellpadding="5px">
<h:outputText value="#{msg['login.username']}"/>
<h:inputText id="username" value="#{userManager.loginUser.username}" required="true"/>
<h:message styleClass="error" for="username"/>
<h:outputText value="#{msg['login.password']}"/>
<h:inputSecret id="password" value="#{userManager.loginUser.password}"
required="true"/>
<h:message styleClass="error" for="password"/>
<h:commandButton value="#{msg['login.confirm']}"
action="#{userManager.doLogin}"/>
</h:panelGrid>
</h:form>
使用这个 ManagedBean:
public class UserManager implements Serializable {
/**
* Creates a new instance of UserManager
*/
public UserManager() {
}
private UserRecord loginUser = new UserRecord();
private UserRecord sessionUser;
@EJB
private UserRecordFacadeLocal userRecordFacade;
public UserRecord getLoginUser() {
return loginUser;
}
public void setLoginUser(UserRecord loginUser) {
this.loginUser = loginUser;
}
public UserRecord getSessionUser() {
return sessionUser;
}
public void setSessionUser(UserRecord sessionUser) {
this.sessionUser = sessionUser;
}
public String doLogout() {
setSessionUser(null);
return "logout";
}
public String doLogin() {
if (userRecordFacade.authorizedAcces(loginUser.getUsername(), loginUser.getPassword())) {
setSessionUser(loginUser);
return "success";
}
return "failure";
}
}
这是我的问题:如果我对 loginform.xhtml (在我的情况下为:)键入 GET 请求http://localhost:8080/Impetus-web/loginform.xhtml,则表单将由旧值填充!更正确的值 - 这对系统的安全性非常不利:-)。如果我通过 h:link 标签导航到此页面,也会发生同样的情况。只有在这种情况下,如果我通过 POST 请求(通过 commandButton fe)跳转到页面,它才能正常工作。
这怎么可能?