会话范围的JSF托管bean在servlet筛选器中始终为空
我尝试创建一个登录筛选器,如本教程中所示: 如果我想打开一个安全的站点,过滤器会引导我进入登录页面。但是当我按下登录按钮时,我又看到了登录页面 我根据问题找到了登录过滤器,在这里我试图从会话范围中获取登录域。登录栏总是会话范围的JSF托管bean在servlet筛选器中始终为空,jsf,session,jsf-2,servlet-filters,managed-bean,Jsf,Session,Jsf 2,Servlet Filters,Managed Bean,我尝试创建一个登录筛选器,如本教程中所示: 如果我想打开一个安全的站点,过滤器会引导我进入登录页面。但是当我按下登录按钮时,我又看到了登录页面 我根据问题找到了登录过滤器,在这里我试图从会话范围中获取登录域。登录栏总是null。根据教程,由于注释@SessionScope,我的登录栏应该在会话中 我的问题是:如何让我的登录名进入会话 Login.xhtml: <h:form id="login-form"> ... <h:commandButton id=
null
。根据教程,由于注释@SessionScope
,我的登录栏应该在会话中
我的问题是:如何让我的登录名进入会话
Login.xhtml:
<h:form id="login-form">
...
<h:commandButton id="button" value="Login" action="#{loginBean.doLogin}"/>
...
</h:form>
@ManagedBean(eager=true,name="loginBean")
@SessionScoped
public class LoginBean implements Serializable {
private static final long serialVersionUID = 4067847760780243370L;
private static final String[] userlist = { "fuh:fuh", "huf:1234" };
private String username;
private String password;
private boolean loggedIn;
@ManagedProperty(value = "#{navigationBean}")
private NavigationBean navigationBean;
public LoginBean(){}
public String doLogin() {
String redirect = "";
// Get every user from database
for (String user : userlist) {
String dbUsername = user.split(":")[0];
String dbPassword = user.split(":")[1];
// Successful login
if (dbUsername.equals(username) && dbPassword.equals(password)) {
loggedIn = true;
Log.write("Benutzer " + username
+ " hat sich erfolgreich angemeldet!");
}
}
if (loggedIn)
redirect = navigationBean.redirectToWelcome();
else
redirect = navigationBean.redirectToLogin();
return redirect;
}
public class Loginfilter implements Filter {
private LoginBean loginBean;
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
HttpSession session = req.getSession(true);
//this is always null
loginBean = (LoginBean) session.getAttribute("loginBean");
if (loginBean == null || !loginBean.isLoggendIn()) {
if (loginBean == null) {
Log.write("loginBean null");
}else if (!loginBean.isLoggedIn()) {
Log.write("loginBean not logged in");
}
String contextPath = req.getContextPath();
res.sendRedirect(contextPath + "/login/login.xhtml");
}else{
chain.doFilter(request, response);
}
}
LoginFilter.java:
<h:form id="login-form">
...
<h:commandButton id="button" value="Login" action="#{loginBean.doLogin}"/>
...
</h:form>
@ManagedBean(eager=true,name="loginBean")
@SessionScoped
public class LoginBean implements Serializable {
private static final long serialVersionUID = 4067847760780243370L;
private static final String[] userlist = { "fuh:fuh", "huf:1234" };
private String username;
private String password;
private boolean loggedIn;
@ManagedProperty(value = "#{navigationBean}")
private NavigationBean navigationBean;
public LoginBean(){}
public String doLogin() {
String redirect = "";
// Get every user from database
for (String user : userlist) {
String dbUsername = user.split(":")[0];
String dbPassword = user.split(":")[1];
// Successful login
if (dbUsername.equals(username) && dbPassword.equals(password)) {
loggedIn = true;
Log.write("Benutzer " + username
+ " hat sich erfolgreich angemeldet!");
}
}
if (loggedIn)
redirect = navigationBean.redirectToWelcome();
else
redirect = navigationBean.redirectToLogin();
return redirect;
}
public class Loginfilter implements Filter {
private LoginBean loginBean;
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
HttpSession session = req.getSession(true);
//this is always null
loginBean = (LoginBean) session.getAttribute("loginBean");
if (loginBean == null || !loginBean.isLoggendIn()) {
if (loginBean == null) {
Log.write("loginBean null");
}else if (!loginBean.isLoggedIn()) {
Log.write("loginBean not logged in");
}
String contextPath = req.getContextPath();
res.sendRedirect(contextPath + "/login/login.xhtml");
}else{
chain.doFilter(request, response);
}
}
为了避免显而易见的问题:1)您从哪个包导入了
@SessionScoped
?2) 您是否绝对肯定这是您正在使用的同一个HTTP会话?(检查cookies、会话id等)1)javax.faces.bean.SessionScoped 2)你是对的(提示如下),会话id是完全不同的。如何使过滤器使用bean所在的会话?只要解决会话显然无法跨请求维护的问题即可。检查请求/响应头中的Cookie,检查代码是否没有对每个请求执行不必要的invalidate(),等等。为什么有`HttpSession session=req.getSession(true)`<代码>?您的用户要么总是先点击登录页面(在这种情况下,将有一个活动会话),要么来自一个不安全的页面(在这种情况下,loginBean`将不会被创建,因此始终为空)。没有理由使用req.getSession(true)
。使该为假
@kolossus更改了该设置,但仍不起作用。我的代码不会使会话无效,但我在cookies中发现了一些有趣的东西。当我从loginfilter打印cookie JSSessionID中的值时,它包含sessionid.someNumber,但当我从loginbean打印它时,它包含一个数字,它与那里的会话id不同,但在“.”之后是相同的someNumber。这意味着什么?