在JSF 2.0中过滤用户会话检查
问题描述:
这就是我解决问题的方式. :) 我要保护的页面位于cPanel文件夹内.这是我的LoginAdmin bean.
this is how i solved my problem. :) my pages which i want to protect are located inside cPanel folder. this is my LoginAdmin bean.
@ManagedBean(name = "loginAdmin")
@SessionScoped
public class LoginAdmin implements Serializable {
private static final long serialVersionUID = 1L;
private String username;
private String password;
boolean loggedIn;
public boolean isLoggedIn() {
return loggedIn;
}
public void setLoggedIn(boolean loggedIn) {
this.loggedIn = loggedIn;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public void login(ActionEvent actionEvent) {
FacesMessage msg = null;
if (username.equals("Administrator") && password.equals("store1")) {
try {
msg = new FacesMessage(FacesMessage.SEVERITY_INFO, "Welcome",
username);
FacesContext.getCurrentInstance().getExternalContext()
.redirect("/eHUB/cPanel/index.xhtml");
loggedIn = true;
} catch (IOException e) {
e.printStackTrace();
}
} else {
msg = new FacesMessage(FacesMessage.SEVERITY_WARN, "Login Error",
"Invalid User Name or Password");
loggedIn = false;
}
FacesContext.getCurrentInstance().addMessage(null, msg);
}
public void logout(ActionEvent actionEvent) throws IOException {
((HttpSession) FacesContext.getCurrentInstance().getExternalContext()
.getSession(false)).invalidate();
loggedIn = false;
FacesContext.getCurrentInstance().getExternalContext().redirect("login.xhtml");
}
}
这是我的过滤器代码:
@WebFilter("/cPanel/*")
public class RestrictFilter implements Filter {
private FilterConfig fc;
public RestrictFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
LoginAdmin loginAdmin = (LoginAdmin) request.getSession().getAttribute("loginAdmin");
String loginURL = request.getContextPath() + "/login.xhtml";
if(loginAdmin != null && loginAdmin.isLoggedIn()){
chain.doFilter(req, res);
}
else{
response.sendRedirect(loginURL);
}
}
public void init(FilterConfig fConfig) throws ServletException {
this.fc = fConfig;
}
}
这是完美的工作.请对此文章加投票.再一次感谢你. :)
this is working perfectly. please add vote against this post. thank you once again. :)
答
web.xml:-
![MainPanel is Secure][1]
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>aksa.sc.util.AccessFilter</filter-class>
<init-param>
<param-name>test-param</param-name>
<param-value>This parameter is for testing.</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
AccessFilter:-
AccessFilter:-
public class AccessFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
String testParam = filterConfig.getInitParameter("test-param");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
HttpSession session = httpServletRequest.getSession(true);
// Get the IP address of client machine.
String ipAddress = request.getRemoteAddr();
// Log the IP address and current timestamp.
// System.out.println("IP "+ipAddress + ", Time "+ new
// Date().toString());
if (httpServletRequest.getRequestURL().toString().contains("/scTheme/")) {
if (session == null || session.getAttribute("userName") == null) {
httpServletResponse.sendRedirect("/scTheme/login.xhtml");
}
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
//
}
}