我有一个 Http 过滤器:
@WebFilter(filterName = "VerificationFilter", urlPatterns = {"/activation/*"})
public class VerificationFilter implements Filter {
private static final Logger logger = LoggerFactory.getLogger(VerificationFilter.class);
private static final String ACTIVATION_CODE_PARAM_KEY = "vc";
private UserInfo userInfo;
private ActivationInfo activationInfo;
public void init(FilterConfig filterConfig) throws ServletException {
logger.debug("************VerificatoniFilter initializing*************");
* This filter filters requests by path - anything in the /activate/ namespace will
* be filtered to first determine if the user has already passed through this filter once.
* If the user has been "filtered" and the validation code was deemed to be valid, navigation will
* be permitted to pass through. If not, then they will be redirected to an error page
* If the user has not yet been filtered, (determined by the presence of details available in the user's
* current session), then the filter will check the validation code for validity and/or allow or reject
* access.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (!activationInfoPopulated()) {
String activationCode = request.getParameter(ACTIVATION_CODE_PARAM_KEY);
if (StringUtils.isEmpty(activationCode)) {
} else {
try {
ActivationService aService = new ActivationService();
ClPersonInfo info = aService.findActivationCodeUser(activationCode);
if (info == null) {
} catch (ServiceUnavailableException sue) {
throw new IamwebApplicationException(sue.getMessage());
} else {
// if the validationCode is not valid, send the user directly to error page. Else, continue...
if (!activationInfo.getValidationCodeIsValid()) {
throw new ActivationCodeInvalidException();
// if all is good, continue along the chain
chain.doFilter(request, response);
private boolean activationInfoPopulated() {
return (activationInfo.getValidationCodeChecked());
private void setActivationInfoPopulated() {
private void setActivationValid() {
private void setActivationInvalid() {
private void throwActivationInvalid() throws ActivationCodeInvalidException {
throw new ActivationCodeInvalidException();
public void destroy() {
// TODO Auto-generated method stub
* @return the activationInfo
public ActivationInfo getActivationInfo() {
return activationInfo;
* @param activationInfo the activationInfo to set
public void setActivationInfo(ActivationInfo activationInfo) {
this.activationInfo = activationInfo;
* @return the userInfo
public UserInfo getUserInfo() {
return userInfo;
* @param userInfo the userInfo to set
public void setUserInfo(UserInfo userInfo) {
this.userInfo = userInfo;
并且 UserInfo 和 ActivationInfo 都是@SessionScoped,如下所示:
public class ActivationInfo implements Serializable {
private static final Logger logger = LoggerFactory.getLogger(ActivationInfo.class);
private static final long serialVersionUID = -6864025809061343463L;
private Boolean validationCodeChecked = Boolean.FALSE;
private Boolean validationCodeIsValid = Boolean.FALSE;
private String validationCode;
public void init() {
FacesContext context = FacesContext.getCurrentInstance();
HttpSession session = (HttpSession) context.getExternalContext().getSession(true);
logger.debug("ActivationInfo being constructed for sessionId: " + (session == null ? " no session found " : session.getId()));
public class UserInfo implements Serializable {
private static final Logger logger = LoggerFactory.getLogger(UserInfo.class);
private static final long serialVersionUID = -2137005372571322818L;
private ClPersonInfo clPersonInfo;
private String password;
* @return the clPersonInfo
public ClPersonInfo getClPersonInfo() {
return clPersonInfo;
public void init() {
FacesContext context = FacesContext.getCurrentInstance();
HttpSession session = (HttpSession) context.getExternalContext().getSession(true);
logger.debug("UserInfo being constructed for sessionId: " + (session == null ? " no session found" : session.getId()));
2014-02-20 21:32:22 DEBUG UserInfo:35 - UserInfo being constructed for sessionId: no session found
2014-02-20 21:32:22 DEBUG ActivationInfo:27 - ActivationInfo being constructed for sessionId: no session found
2014-02-20 21:32:22 DEBUG VerificationFilter:38 - ************VerificatoniFilter initializing*************
如果我转到不同的浏览器并输入“错误”验证码,则永远不会重新注入 UserInfo/ActivationInfo。IE,使用不同的会话,我没有看到新的 UserInfo/ActivationInfo。
我的问题是: 1. 为什么在构造 UserInfo/ActivationInfo 时没有找到会话(请参阅日志消息) 2. 我该如何实现这一点,以便稍后可以将 UserInfo 和 ActivationInfo 注入我的其他 CDI bean 中所以他们有我需要的用户/激活信息吗?目前由于这个问题,我直接在 VerificationFilter 中的用户会话上设置了activationInfo,但是当我注入我的 CDI bean 时,会注入不同的 UserInfo 和 DIFFERENT ActivationInfo。
我正在使用 Tomcat 7 和 JEE 6,焊接。