Fatal编程技术网
  • login/
  • Login 使用JAAS和JSF在基于容器的登录后重定向用户

Login 使用JAAS和JSF在基于容器的登录后重定向用户

login jsf-2

Login 使用JAAS和JSF在基于容器的登录后重定向用户,login,jsf-2,jaas,Login,Jsf 2,Jaas,我正在尝试实现一个基于jsf2的表单登录,用户可以在重定向到登录页面后直接进入他选择的URL。如何做到这一点?我的当前设置如下(使用glassfish 3) Web.XML <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsf</form-login-page>

我正在尝试实现一个基于
jsf2
的表单登录,用户可以在重定向到
登录页面后直接进入他选择的URL。如何做到这一点?我的当前设置如下(使用glassfish 3

Web.XML

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsf</form-login-page>
        <form-error-page>/login.jsf</form-error-page>
    </form-login-config>
</login-config>
<security-constraint> //(omitted) all pages except login.jsf requires login </security-constraint>
从另一个问题中,我得到了使用过滤器而不是包含的重定向到登录页面的提示,并在重定向之前将URL作为属性存储在请求中,如下所示:

public class LoginFilter implements Filter {
    private String loginPage = "/login.jsf";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,
        ServletException {
        if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            // is session expire control required for this request?
            if (httpServletRequest.getUserPrincipal() == null) {
                // User is not logged in, redirect to login page.
                httpServletRequest.setAttribute("from", httpServletRequest.getRequestURI());
                httpServletResponse.sendRedirect(loginPage);
            }
            else
                filterChain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }

}
url模式设置为与所有安全约束的总和相同。问题是如何将其与基于容器的登录相结合。将login-config-auth方法保留为表单会导致不执行筛选器。删除它会将auth方法设置为BASIC 1。导致我的窗体不显示,以及2。httpServletRequest.getUserPrincipal()由web浏览器自动设置为缓存值,因此即使执行了筛选器,if语句也将始终为false。据我所知,即使会话无效,也无法阻止浏览器执行此操作

有什么解决办法吗

public class LoginFilter implements Filter {
    private String loginPage = "/login.jsf";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,
        ServletException {
        if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            // is session expire control required for this request?
            if (httpServletRequest.getUserPrincipal() == null) {
                // User is not logged in, redirect to login page.
                httpServletRequest.setAttribute("from", httpServletRequest.getRequestURI());
                httpServletResponse.sendRedirect(loginPage);
            }
            else
                filterChain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }

}