更新时间:2023-09-20 18:51:40
您需要实施javax.servlet.Filter$c$c>类,请在的doFilter()
方法所需的作业并将其映射在一个URL模式涵盖了受限制的页面, /用户/ *
也许?在的doFilter()
您应检查登录用户的presence在盘中莫名其妙。此外,您还需要采取JSF Ajax和资源请求考虑在内。 JSF Ajax请求需要一个特殊的XML响应,让JavaScript的执行重定向。 JSF资源请求需要被跳过,否则您的登录页面将不会有任何的CSS / JS /图像了。
You need to implement the javax.servlet.Filter
class, do the desired job in doFilter()
method and map it on an URL pattern covering the restricted pages, /user/*
maybe? Inside the doFilter()
you should check the presence of the logged-in user in the session somehow. Further you also need to take JSF ajax and resource requests into account. JSF ajax requests require a special XML response to let JavaScript perform a redirect. JSF resource requests need to be skipped otherwise your login page won't have any CSS/JS/images anymore.
假设你已经登录的用户在JSF通过 externalContext.getSessionMap管理的bean(A
,那么你可以通过 /login.xhtml
页存储)。把(用户,用户)得到它session.getAttribute(用户)
通常像下面的方法
Assuming that you've a /login.xhtml
page which stores the logged-in user in a JSF managed bean via externalContext.getSessionMap().put("user", user)
, then you could get it via session.getAttribute("user")
the usual way like below:
@WebFilter("/user/*")
public class AuthorizationFilter implements Filter {
private static final String AJAX_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<partial-response><redirect url=\"%s\"></redirect></partial-response>";
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
String loginURL = request.getContextPath() + "/login.xhtml";
boolean loggedIn = (session != null) && (session.getAttribute("user") != null);
boolean loginRequest = request.getRequestURI().equals(loginURL);
boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER + "/");
boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request"));
if (loggedIn || loginRequest || resourceRequest) {
if (!resourceRequest) { // Prevent browser from caching restricted resources. See also http://***.com/q/4194207/157882
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.
}
chain.doFilter(request, response); // So, just continue request.
}
else if (ajaxRequest) {
response.setContentType("text/xml");
response.setCharacterEncoding("UTF-8");
response.getWriter().printf(AJAX_REDIRECT_XML, loginURL); // So, return special XML response instructing JSF ajax to send a redirect.
}
else {
response.sendRedirect(loginURL); // So, just perform standard synchronous redirect.
}
}
// You need to override init() and destroy() as well, but they can be kept empty.
}
此外,过滤器也获得页面上禁用浏览器缓存,所以浏览器后退按钮不会显示它们了。
Additionally, the filter also disabled browser cache on secured page, so the browser back button won't show up them anymore.
如果你碰巧使用JSF工具库 OmniFaces ,高于code可以减少如下:
In case you happen to use JSF utility library OmniFaces, above code could be reduced as below:
@WebFilter("/user/*")
public class AuthorizationFilter extends HttpFilter {
@Override
public void doFilter(HttpServletRequest request, HttpServletResponse response, HttpSession session, FilterChain chain) throws ServletException, IOException {
String loginURL = request.getContextPath() + "/login.xhtml";
boolean loggedIn = (session != null) && (session.getAttribute("user") != null);
boolean loginRequest = request.getRequestURI().equals(loginURL);
boolean resourceRequest = Servlets.isFacesResourceRequest(request);
if (loggedIn || loginRequest || resourceRequest) {
if (!resourceRequest) { // Prevent browser from caching restricted resources. See also http://***.com/q/4194207/157882
Servlets.setNoCacheHeaders(response);
}
chain.doFilter(request, response); // So, just continue request.
}
else {
Servlets.facesRedirect(request, response, loginURL);
}
}
}