English 中文(简体)
JSF支持基于表格的安全
原标题:Does JSF support form based security
  • 时间:2012-05-21 13:50:08
  •  标签:
  • jsf-2

I followed this tutorial securityIn this tutorial it is mentioned that add something like this for form based security

<form action="j_security_check" method=post>
    <p>username: <input type="text" name="j_username"></p>
    <p>password: <input type="password" name="j_password"></p>
    <p><input type="submit" value="submit"></p>
</form>

但在 JSF 表格中, 我对 sh: form 中 拨打 < strong > j_ security_ check 功能没有动作。 在 JSF 中, 使用 j_ username 和 j_ password 也有必要使用 j_ username 和 j_ password 来提供基于表格的安全?

谢谢 谢谢

最佳回答

是的, < a href=> http://docs.oracle.com/javaee/6/tument/doc/gkbaa.html#bncbq" rel=“noreferr” >form基础认证 强制使用此动作的 URL 和字段名称 。 这在 servlet 的规格中已有明确规定。 您可以在 JSF 页面中将其作为 JSF 。 唯一的区别是表格提交和认证完全由容器处理, 而不是由 JSF 处理。 您不需要担心 。

如果您想要对表格提交过程进行更精细的细微控制, 或者想要使用 JSF 内建验证和 ajax 权力等等, 那么您可以总是通过 < href="http://docs. oracle.com/javaee/6/ tutative/doc/ gjiie.html" rel=“ noreferr" > prographmatic验证 在 JSF 管理下, bean 。 为此, 您必须在操作方法中使用 < a href=" http://docs. com/javaee/6/ api/javax/servlet/http/ HtpServlet request.html#login% 28java. lang. string.% 20java. lang. string%29" rel=“ noreferr"\code > HttpServlet request#login ( ) 。 该认证仍由容器处理。

例如:

<h:form>
    <h:inputText value="#{login.username}" required="true" />
    <h:inputSecret value="#{login.password}" required="true" />
    <h:commandButton value="login" action="#{login.submit}">
        <f:ajax execute="@form" render="@form" />
    </h:commandButton>
    <h:messages />
</h:form>

public String submit() {
    FacesContext context = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();

    try {
        request.login(username, password);
        return "home?faces-redirect-true";
    } catch (ServletException e) {
        context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unknown login", null));
        return null;
    }
}
问题回答

以下是我如何执行 J_security_ check (集装箱管理安全) 的 JJF 应用程序 。 应用程序在Webshere 7. 不幸的是, Im 使用的 servlet api 版本没有

request.login()

创建了登录过滤器类以拦截 j_ security_ check 调用。 响应写字器记得在登录后要重定向的 URL 。

public class LoginFilter implements Filter {
        private static String loginPage = "login.xhtml"; // read it from init config
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // TODO Auto-generated method stub
        // create wrapper
        HttpServletRequest req = (HttpServletRequest) request;
        MyWrapper myRes = new MyWrapper((HttpServletResponse) response);
        // call authentication
        chain.doFilter(request, myRes);
        // check for login error
                String redirectURL = myRes.getOriginalRedirect();
          if (StringUtils.isBlank(redirectURL) || redirectURL.contains(loginPage)) {
                   myRes.setOriginalRedirect(homePage);
              }
    myRes.sendMyRedirect();

}
    class MyWrapper extends HttpServletResponseWrapper {
        String originalRedirect;

        public MyWrapper(HttpServletResponse response) {
            super(response);
        }

        @Override
        public void sendRedirect(String location) throws IOException {
            // just store location, don’t send redirect to avoid
            // committing response
            originalRedirect = location;
        }

        // use this method to send redirect after modifying response
        public void sendMyRedirect() throws IOException {
            super.sendRedirect(originalRedirect);
        }

        public String getOriginalRedirect() {
            return originalRedirect;
        }

        public void setOriginalRedirect(String originalRedirect) {
            this.originalRedirect = originalRedirect;
        }


    }

网络Xml看起来如下。

<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.servlet.filter.LoginFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/j_security_check</url-pattern>
</filter-mapping>
<filter>
    <filter-name>RequestJSFFilter</filter-name
        <filter-class>com.servlet.filter.RequestJSFFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>RequestJSFFilter</filter-name>
    <url-pattern>*.xhtml</url-pattern>
</filter-mapping>

另一种过滤器截取所有 *.xhtml 并直接到 login.xhtml 登录。 在 login.xhtml 中, 窗体可以查看如下:

<form action="j_security_check" method=post>
    <p>username: <input type="text" name="j_username"></p>
    <p>password: <input type="password" name="j_password"></p>
    <p><input type="submit" value="submit"></p>
</form>

希望这能帮上忙





相关问题
JSF redirect doesn t work

I have a problem with redirecting a page in my JSF application. My navigation rule look like this : <navigation-rule> <from-view-id>/index.xhtml</from-view-id> <...

Get JSF managed bean by name in any Servlet related class

I m trying to write a custom servlet (for AJAX/JSON) in which I would like to reference my @ManagedBeans by name. I m hoping to map: http://host/app/myBean/myProperty to: @ManagedBean(name="myBean"...

JSF2 - what scope for f:ajax elements?

I have this form: <h:form> <h:outputText value="Tag:" /> <h:inputText value="#{entryRecorder.tag}"> <f:ajax render="category" /> </h:inputText> ...

Modifying JSF Component Tree in PhaseListener

I m having an issue. I ve implemented a PhaseListener, which is meant to add a style class to any UIInput components in the tree that have messages attached to them, and removes the style class if it ...

JSF 2 - clearing component attributes on page load?

The real question: Is there a way to clear certain attributes for all components on an initial page load? Background info: In my application, I have a JSF 2.0 frontend layer that speaks to a service ...

JSF2 - backed by EJB or ManagedBean?

As I am learning JSF2, I realized I am not sure what the backing components should be. From design point of view, what is the difference between EJBs and @ManagedBeans? In the end I am going to use ...

热门标签