0

我有三个 primefaces(4.0 版)网页。其中一个是 login.xhtml,我想用它在用户被允许访问其他两个网页之前对其进行身份验证。我正在使用 Tomcat 服务器 (v7.0)

我的问题是我可以从我的基本 url: http://localhost:8080/controlservice-server/ --> 访问 login.xhtml,它会进行正确的用户身份验证,然后通过正确的网页。

但是,我可以直接从它们的 url 访问其他两个网页,而无需通过登录页面,因此任何人都可以访问它们。

我的 web.xml:

<context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>

<welcome-file-list>
        <welcome-file>Login.xhtml</welcome-file>
    </welcome-file-list>

<servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

<servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.faces</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

我的身份验证 Web 过滤器:

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebFilter(filterName = "PrimefacesAuthFilter", urlPatterns={"*.Login.xhtml"})
public class PrimesfacesAuthFilter implements Filter {

  public PrimesfacesAuthFilter() {
  }

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    try {

      HttpServletRequest req = (HttpServletRequest) request;
      HttpServletResponse res = (HttpServletResponse) response;
      HttpSession ses = req.getSession(false);

      String reqURI = req.getRequestURI();
      if (reqURI.indexOf("/*.xhtml") >= 0 || (ses != null && ses.getAttribute("username") != null)
          || reqURI.indexOf("/public/") >= 0 || reqURI.contains("javax.faces.resource")) {

        chain.doFilter(request, response);
      }
      else
        res.sendRedirect(req.getContextPath() + "/login.xhtml");
    } catch (Throwable t) {
      System.out.println(t.getMessage());
    }
  }

  @Override
  public void destroy() {

  }

}
4

1 回答 1

1

您应该更改 @WebFilter 注释中的 urlPatterns 属性,如下所示:

@WebFilter(filterName = "PrimefacesAuthFilter", urlPatterns={"*.xhtml"})
于 2015-06-04T18:13:20.823 回答