有不同的方法可以做到这一点。首先,您可以使用过滤器来控制页面访问,也可以使用侦听 jsf Phases 的阶段侦听器。
我想给你们举两个例子;
public class SecurityFilter implements Filter{
FilterConfig fc;
public void init(FilterConfig filterConfig)throws ServletException {
fc = filterConfig;
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String pageRequested = req.getRequestURI().toString();
if(session.getAttribute("user") == null && !pageRequested.contains("login.xhtml")){
resp.sendRedirect("login.xhtml");
}else{
chain.doFilter(request, response);
}
}
public void destroy(){
}
}
你应该将此过滤器添加到 web.xml 中;
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.webapp.SecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
阶段监听器示例;
public class SecurityFilter implements PhaseListener {
public void beforePhase(PhaseEvent event) {
}
public void afterPhase(PhaseEvent event) {
FacesContext fc = event.getFacesContext();
boolean loginPage =
fc.getViewRoot().getViewId().lastIndexOf("login") > -1 ? true : false;
if (!loginPage && !isUserLogged()) {
navigate(event,"logout");
}
}
private boolean isUserLogged() {
//looks session for user
}
private void navigate(PhaseEvent event, String page) {
FacesContext fc = event.getFacesContext();
NavigationHandler nh = fc.getApplication().getNavigationHandler();
nh.handleNavigation(fc, null, page);
}
public PhaseId getPhaseId() {
return PhaseId.RESTORE_VIEW;
}
}
因此,如果您想使用侦听器,您应该将其添加到您的 faces-config.xml 中;
注意:“logout”是在 faces-config 中定义的导航规则
<lifecycle>
<phase-listener>com.myapp.SecurityFilter</phase>
</lifecycle>
Edit :导航规则;
<navigation-rule>
<from-view-id>/*</from-view-id>
<navigation-case>
<from-outcome>logout</from-outcome>
<to-view-id>/login.xhtml</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
您可以像这样将用户置于登录方法中的会话中;
FacesContext context = FacesContext.getCurrentInstance();
HttpSession session =
(HttpSession)context.getExternalContext().getSession(true);
session.setAttribute("user", loggedUser);