Session:使用会话阶段侦听器和登录筛选器(j_security_check)时,已登录用户在会话中为空值
我正在使用 JSF 2 和 WebSphere 8。我有一个登录过滤器,使用 j_security_check 对用户进行身份验证。身份验证成功后,它将登录用户放入会话中。在此步骤之后,将执行会话管理阶段侦听器,该侦听器通过从会话中检索已登录的用户 ID,来检查用户请求受保护资源时是否为有效用户。我能够检索到会话,但当我调用 `session.getAttribute("userid")` 时,它返回空值。我也尝试过用会话过滤器代替会话管理阶段侦听器,但同样没有成功。下面是代码片段。谢谢你的帮助。

标签:session, jsf-2, servlet-filters, j-security-check, phaselistener

登录筛选器:
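/**
 * Mirrors the container-authenticated user name into the HTTP session under
 * {@code "userid"} and passes the request down the filter chain.
 *
 * <p>The attribute is written <em>before</em> {@code chain.doFilter(...)} as well as
 * after it. Everything further down the chain (the servlet and any JSF phase
 * listeners) runs inside that call, so a value stored only afterwards cannot be
 * seen by that code during the same request.
 *
 * <p>NOTE(review): {@code "userid"} is only a copy of {@code getRemoteUser()}.
 * Access decisions should be based on the container's own identity
 * ({@code getRemoteUser()} / {@code getUserPrincipal()}) and on the security
 * constraints declared in web.xml, not on this session attribute.
 *
 * @param request  the incoming request; expected to be an {@link HttpServletRequest}
 * @param response the outgoing response
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;

    // authenticate user (elided in the original listing)

    // Publish the user id first so downstream code in this request can read it.
    storeRemoteUser(req);

    chain.doFilter(request, response);

    // The session may only have been created while the chain ran.
    storeRemoteUser(req);

    // Debug output only. The session can still be null here (anonymous request),
    // so it must not be dereferenced unconditionally.
    // NOTE(review): this writes a user id to stdout on every request; remove it or
    // route it through the application's logger before production use.
    HttpSession session = req.getSession(false);
    String currentUser = (session == null) ? null : (String) session.getAttribute("userid");
    System.out.println("Login Filter | Current Logged in user: " + currentUser);
}

/**
 * Stores {@code getRemoteUser()} as the {@code "userid"} session attribute when a
 * session already exists, the request is authenticated and no value is set yet.
 * Never creates a session.
 */
private static void storeRemoteUser(HttpServletRequest req) {
    HttpSession session = req.getSession(false);
    if (session == null || session.getAttribute("userid") != null) {
        return;
    }
    String remoteUser = req.getRemoteUser();
    if (remoteUser != null) {
        session.setAttribute("userid", remoteUser);
    }
}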
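/**
 * Adds no-cache headers to the response and redirects requests for protected
 * pages to {@code login.xhtml} when no user id is present in the session.
 *
 * <p>NOTE(review): matching {@code PROTECTED_FOLDER} as a substring of the raw
 * request URI is a navigation convenience, not an access-control boundary.
 * With container-managed authentication (j_security_check) the protected URL
 * patterns should be enforced by security constraints in web.xml; this listener
 * should not be the only thing standing between an anonymous user and the pages.
 *
 * @param event the JSF phase event; ignored when {@code null} or without a context
 */
public void beforePhase(PhaseEvent event) {
    if (event == null) {
        return;
    }
    FacesContext facesContext = event.getFacesContext();
    if (facesContext == null) {
        return;
    }

    HttpServletRequest origRequest = (HttpServletRequest) facesContext
            .getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) facesContext
            .getExternalContext().getResponse();

    // Ask browsers and proxies not to cache the page (presumably so that pages
    // viewed while logged in are not shown from cache after logout).
    response.addHeader("Pragma", "no-cache");
    response.addHeader("Cache-Control", "no-cache");
    response.addHeader("Cache-Control", "no-store");
    response.addHeader("Cache-Control", "must-revalidate");
    response.addHeader("Expires", "Mon, 8 Aug 2006 10:00:00 GMT");
    response.setDateHeader("Expires", -1);

    String requestedUrl = origRequest.getRequestURI();
    if (requestedUrl == null || !requestedUrl.contains(PROTECTED_FOLDER)) {
        return;
    }

    Map<String, Object> sessionMap = facesContext.getExternalContext().getSessionMap();
    boolean loginRequired;
    if (sessionMap == null) {
        loginRequired = true;
    } else {
        String currentUser = (String) sessionMap.get("userid");
        // NOTE(review): debug output; it prints a user id for every protected request.
        System.out.println("Current Logged in user: " + currentUser);
        // isEmpty() instead of == "": == compares references and only matches
        // the interned literal, not an empty string built at runtime.
        loginRequired = !isLoginPage && (currentUser == null || currentUser.isEmpty());
    }
    if (!loginRequired) {
        return;
    }

    try {
        // contains() succeeded above, so indexOf() cannot return -1 here.
        String contextPath = requestedUrl.substring(0,
                requestedUrl.indexOf(PROTECTED_FOLDER));
        facesContext.getExternalContext().redirect(contextPath + "login.xhtml");
    } catch (IOException e) {
        // Fall back to the helper when the JSF redirect itself fails.
        e.printStackTrace();
        gotoLoginPage(response);
    }
}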
会话管理阶段侦听器:
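/**
 * Mirrors the container-authenticated user name into the HTTP session under
 * {@code "userid"} and passes the request down the filter chain.
 *
 * <p>The attribute is written <em>before</em> {@code chain.doFilter(...)} as well as
 * after it. Everything further down the chain (the servlet and any JSF phase
 * listeners) runs inside that call, so a value stored only afterwards cannot be
 * seen by that code during the same request.
 *
 * <p>NOTE(review): {@code "userid"} is only a copy of {@code getRemoteUser()}.
 * Access decisions should be based on the container's own identity
 * ({@code getRemoteUser()} / {@code getUserPrincipal()}) and on the security
 * constraints declared in web.xml, not on this session attribute.
 *
 * @param request  the incoming request; expected to be an {@link HttpServletRequest}
 * @param response the outgoing response
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;

    // authenticate user (elided in the original listing)

    // Publish the user id first so downstream code in this request can read it.
    storeRemoteUser(req);

    chain.doFilter(request, response);

    // The session may only have been created while the chain ran.
    storeRemoteUser(req);

    // Debug output only. The session can still be null here (anonymous request),
    // so it must not be dereferenced unconditionally.
    // NOTE(review): this writes a user id to stdout on every request; remove it or
    // route it through the application's logger before production use.
    HttpSession session = req.getSession(false);
    String currentUser = (session == null) ? null : (String) session.getAttribute("userid");
    System.out.println("Login Filter | Current Logged in user: " + currentUser);
}

/**
 * Stores {@code getRemoteUser()} as the {@code "userid"} session attribute when a
 * session already exists, the request is authenticated and no value is set yet.
 * Never creates a session.
 */
private static void storeRemoteUser(HttpServletRequest req) {
    HttpSession session = req.getSession(false);
    if (session == null || session.getAttribute("userid") != null) {
        return;
    }
    String remoteUser = req.getRemoteUser();
    if (remoteUser != null) {
        session.setAttribute("userid", remoteUser);
    }
}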
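/**
 * Adds no-cache headers to the response and redirects requests for protected
 * pages to {@code login.xhtml} when no user id is present in the session.
 *
 * <p>NOTE(review): matching {@code PROTECTED_FOLDER} as a substring of the raw
 * request URI is a navigation convenience, not an access-control boundary.
 * With container-managed authentication (j_security_check) the protected URL
 * patterns should be enforced by security constraints in web.xml; this listener
 * should not be the only thing standing between an anonymous user and the pages.
 *
 * @param event the JSF phase event; ignored when {@code null} or without a context
 */
public void beforePhase(PhaseEvent event) {
    if (event == null) {
        return;
    }
    FacesContext facesContext = event.getFacesContext();
    if (facesContext == null) {
        return;
    }

    HttpServletRequest origRequest = (HttpServletRequest) facesContext
            .getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) facesContext
            .getExternalContext().getResponse();

    // Ask browsers and proxies not to cache the page (presumably so that pages
    // viewed while logged in are not shown from cache after logout).
    response.addHeader("Pragma", "no-cache");
    response.addHeader("Cache-Control", "no-cache");
    response.addHeader("Cache-Control", "no-store");
    response.addHeader("Cache-Control", "must-revalidate");
    response.addHeader("Expires", "Mon, 8 Aug 2006 10:00:00 GMT");
    response.setDateHeader("Expires", -1);

    String requestedUrl = origRequest.getRequestURI();
    if (requestedUrl == null || !requestedUrl.contains(PROTECTED_FOLDER)) {
        return;
    }

    Map<String, Object> sessionMap = facesContext.getExternalContext().getSessionMap();
    boolean loginRequired;
    if (sessionMap == null) {
        loginRequired = true;
    } else {
        String currentUser = (String) sessionMap.get("userid");
        // NOTE(review): debug output; it prints a user id for every protected request.
        System.out.println("Current Logged in user: " + currentUser);
        // isEmpty() instead of == "": == compares references and only matches
        // the interned literal, not an empty string built at runtime.
        loginRequired = !isLoginPage && (currentUser == null || currentUser.isEmpty());
    }
    if (!loginRequired) {
        return;
    }

    try {
        // contains() succeeded above, so indexOf() cannot return -1 here.
        String contextPath = requestedUrl.substring(0,
                requestedUrl.indexOf(PROTECTED_FOLDER));
        facesContext.getExternalContext().redirect(contextPath + "login.xhtml");
    } catch (IOException e) {
        // Fall back to the helper when the JSF redirect itself fails.
        e.printStackTrace();
        gotoLoginPage(response);
    }
}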
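/**
 * Adds no-cache headers to the response and redirects requests for protected
 * pages to {@code login.xhtml} when no user id is present in the session.
 *
 * <p>NOTE(review): matching {@code PROTECTED_FOLDER} as a substring of the raw
 * request URI is a navigation convenience, not an access-control boundary.
 * With container-managed authentication (j_security_check) the protected URL
 * patterns should be enforced by security constraints in web.xml; this listener
 * should not be the only thing standing between an anonymous user and the pages.
 *
 * @param event the JSF phase event; ignored when {@code null} or without a context
 */
public void beforePhase(PhaseEvent event) {
    if (event == null) {
        return;
    }
    FacesContext facesContext = event.getFacesContext();
    if (facesContext == null) {
        return;
    }

    HttpServletRequest origRequest = (HttpServletRequest) facesContext
            .getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) facesContext
            .getExternalContext().getResponse();

    // Ask browsers and proxies not to cache the page (presumably so that pages
    // viewed while logged in are not shown from cache after logout).
    response.addHeader("Pragma", "no-cache");
    response.addHeader("Cache-Control", "no-cache");
    response.addHeader("Cache-Control", "no-store");
    response.addHeader("Cache-Control", "must-revalidate");
    response.addHeader("Expires", "Mon, 8 Aug 2006 10:00:00 GMT");
    response.setDateHeader("Expires", -1);

    String requestedUrl = origRequest.getRequestURI();
    if (requestedUrl == null || !requestedUrl.contains(PROTECTED_FOLDER)) {
        return;
    }

    Map<String, Object> sessionMap = facesContext.getExternalContext().getSessionMap();
    boolean loginRequired;
    if (sessionMap == null) {
        loginRequired = true;
    } else {
        String currentUser = (String) sessionMap.get("userid");
        // NOTE(review): debug output; it prints a user id for every protected request.
        System.out.println("Current Logged in user: " + currentUser);
        // isEmpty() instead of == "": == compares references and only matches
        // the interned literal, not an empty string built at runtime.
        loginRequired = !isLoginPage && (currentUser == null || currentUser.isEmpty());
    }
    if (!loginRequired) {
        return;
    }

    try {
        // contains() succeeded above, so indexOf() cannot return -1 here.
        String contextPath = requestedUrl.substring(0,
                requestedUrl.indexOf(PROTECTED_FOLDER));
        facesContext.getExternalContext().redirect(contextPath + "login.xhtml");
    } catch (IOException e) {
        // Fall back to the helper when the JSF redirect itself fails.
        e.printStackTrace();
        gotoLoginPage(response);
    }
}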
考虑到您已经在使用容器管理的身份验证(`j_security_check`),过滤器和阶段侦听器都没有任何意义。您到底想用这一切解决什么问题?

谢谢巴卢斯的回复。我正在使用登录筛选器进行用户身份验证,并尝试使用会话阶段侦听器进行用户会话管理(例如:如果用户试图通过书签直接访问受保护的 URL,则将其重定向到登录页面;或者用户已主动注销但仍试图访问受保护的 URL 时,检查会话是否已清除)。我不确定这是否是正确的处理方式。感谢您的帮助。

对此,您可以直接使用 web.xml 中的 `<security-constraint>`。看起来您混淆了验证用户的不同方法。停顿一下,仔细阅读