我正在使用 JSF2 和 Websphere 8。我有一个登录过滤器,它使用 j_securitycheck 对用户进行身份验证。成功验证后,它将登录用户置于会话中。
在这一步之后,会话管理阶段侦听器被执行,它通过从会话中检索记录的用户标识来检查用户是否请求了受保护的资源并且是有效用户。我能够检索会话,但是当我查找session.getAttribute("userid") 它返回空值。
我尝试过使用 Session Filter 而不是 Session Management Phase Listener。但没有运气。这是代码片段。感谢你的帮助。
登录过滤器:
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
//authenticate user
chain.doFilter(request, response);
HttpSession session = req.getSession(false);
if(session!=null){
if(session.getAttribute("userid") == null){
session.setAttribute("userid", req.getRemoteUser());
}
}
String currentUser = (String)session.getAttribute("userid");
System.out.println("Login Filter | Current Logged in user: " + currentUser);
}
sessionManagementPhaseListener:
public void beforePhase(PhaseEvent event) {
if (event != null) {
FacesContext facesContext = event.getFacesContext();
if (facesContext != null) {
HttpServletRequest origRequest = (HttpServletRequest) FacesContext
.getCurrentInstance().getExternalContext().getRequest();
String requestedUrl = origRequest.getRequestURI();
HttpServletResponse response = (HttpServletResponse) FacesContext
.getCurrentInstance().getExternalContext()
.getResponse();
// set the response header here.
response.addHeader("Pragma", "no-cache");
response.addHeader("Cache-Control", "no-cache");
response.addHeader("Cache-Control", "no-store");
response.addHeader("Cache-Control", "must-revalidate");
response.addHeader("Expires", "Mon, 8 Aug 2006 10:00:00 GMT");
response.setDateHeader("Expires", -1);
if (requestedUrl != null
&& requestedUrl.contains(PROTECTED_FOLDER)) {
// HttpSession session = (HttpSession) facesContext
// .getExternalContext().getSessionMap();
// HttpSession session = origRequest.getSession();
Map<String, Object> requestMap = facesContext
.getExternalContext().getSessionMap();
if (requestMap == null) {
try {
String contextPath = requestedUrl.substring(0,
requestedUrl.indexOf(PROTECTED_FOLDER));
FacesContext.getCurrentInstance()
.getExternalContext()
.redirect(contextPath + "login.xhtml");
} catch (IOException e) {
e.printStackTrace();
gotoLoginPage(response); // go to login page
}
}
else {
String currentUser = (String) requestMap.get("userid");
System.out.println("Current Logged in user: "
+ currentUser);
if (!isLoginPage
&& (currentUser == null || currentUser == "")) {
try {
String contextPath = requestedUrl.substring(0,
requestedUrl.indexOf(PROTECTED_FOLDER));
FacesContext.getCurrentInstance()
.getExternalContext()
.redirect(contextPath + "login.xhtml");
} catch (IOException e) {
// go to login page in case of exceptions
e.printStackTrace();
gotoLoginPage(response);
}
}
}
}
}
}
}