0

我有一个使用 Spring Security + LDAP 的登录页面。身份验证本身可以正常工作。在我将表单从常规 HTML 更改为 Primefaces/JSF 标记后,出现了问题。用户通过身份验证后,页面不会重定向到索引页面,而是在第二次尝试之后。出于某种原因,会话被立即清除。我已经阅读了很多关于使用 JSF 登录以及类似问题的帖子和教程,但到目前为止,它们都没有奏效。

这是我的一些配置:

在Primefaces /JSF之前的 login.xhtml

<form action='#{request.contextPath}/j_spring_security_check' method='POST' id="loginForm">
...
</form>

在 Primefaces /JSF之后的 login.xhtml

<h:form id="loginForm">         
    <h:outputLabel for="j_username" value="User" /> 
    <p:inputText id="j_username" required="true" value="#{loginBean.username}"></p:inputText>

    <h:outputLabel for="j_password" value="Password" /> 
    <p:password id="j_password" required="true" value="#{loginBean.password}"></p:password>             

    <h:commandButton type="submit" id="loginButton" action="#{loginBean.doLogin}" value="LOGIN" />              
</h:form>

安全上下文.xml

<security:http use-expressions="true">
    <security:intercept-url pattern="/login.xhtml" access="isAnonymous()" />
    <security:intercept-url pattern="/index.xhtml" access="isAuthenticated()" />

    <security:form-login login-processing-url="/j_spring_security_check" 
                         login-page="/login.xhtml"          
                         authentication-failure-handler-ref="authenticationFailureHandler"  
                         default-target-url="/index.xhtml"      
                         always-use-default-target="true" />
     ...
</security:http>

登录Bean.java

public String doLogin() throws IOException, ServletException {

       try {

           ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
           RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("/j_spring_security_check");              
           dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse());
           FacesContext.getCurrentInstance().responseComplete();

           return "/index?faces-redirect=true";          

       } 

       ...

}

web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

面孔-config.xml

<managed-bean>
    <managed-bean-name>loginBackingBean</managed-bean-name>
    <managed-bean-class>my.project.jsf.beans.LoginBean</managed-bean-class>
    <managed-bean-scope>request</managed-bean-scope>    
</managed-bean>

堆栈跟踪的一部分

<SecurityContext is empty or anonymous - context will not be stored in HttpSession. >
SEVERE: Servlet.service() for servlet Faces Servlet threw exception
java.lang.IllegalStateException
    at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)
4

1 回答 1

0

解决了。该问题与登录后页面的重定向有关。我使用了以下代码行:

FacesContext.getCurrentInstance().getExternalContext().redirect("inicio.xhtml");

看完这篇文章我有了想法

LoginBean.java如下所示:

public String doLogin() throws IOException, ServletException {

       try {

           ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
           RequestDispatcher dispatcher = ((ServletRequest)context.getRequest()).getRequestDispatcher("/j_spring_security_check");              
           dispatcher.forward((ServletRequest)context.getRequest(), (ServletResponse)context.getResponse());
           FacesContext.getCurrentInstance().responseComplete();
           FacesContext.getCurrentInstance().getExternalContext().redirect("inicio.xhtml");   

           return;

       } 

       ...

}
于 2013-12-02T19:01:43.427 回答