我在我的应用程序中嵌入了登录/退出功能,但过滤器可能没有起作用,因为我在浏览器地址栏中指向它们后仍然可以看到已经登出的页面。这是我的登录操作:
this.currentUser = new User(); // initiate currentUser
FacesContext facesContext = FacesContext.getCurrentInstance();
facesContext.getApplication().createValueBinding("#{" + Constants.VISIT_KEY_SCOPE +
Constants.VISIT_KEY + "}").setValue(facesContext, currentUser);
FacesUtils.putIntoSession(Constants.VISIT_KEY, currentUser);
注销操作:
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession session = (HttpSession)facesContext.getExternalContext().getSession(false);
session.removeAttribute(Constants.VISIT_KEY_SCOPE + Constants.VISIT_KEY);
if (session != null)
{
session.invalidate();
}
常量类:
public class Constants
{
// Backing bean keys
public final static String VISIT_KEY_SCOPE = "sessionScope.";
public final static String VISIT_KEY = "currentUser";
// Model object keys
public final static String PROJECT_COORDINATOR_SCOPE = "applicationScope.";
public final static String ORIGINAL_VIEW_SCOPE = "sessionScope";
public final static String ORIGINAL_VIEW_KEY = "originalTreeId";
}
web.xml文件:
<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>org.AuthorizationFilter.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/faces/pages/*</url-pattern>
</filter-mapping>
最后,授权过滤器如下:
public class AuthorizationFilter implements Filter
{
FilterConfig config = null;
ServletContext servletContext = null;
public AuthorizationFilter()
{
}
public void init(FilterConfig filterConfig) throws ServletException
{
config = filterConfig;
servletContext = config.getServletContext();
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
HttpServletRequest httpRequest = (HttpServletRequest)request;
HttpServletResponse httpResponse = (HttpServletResponse)response;
HttpSession session = httpRequest.getSession();
User currentUser = (User)session.getAttribute("currentUser");
if (session == null || currentUser == null || currentUser.getUserName() == null)
{
session.setAttribute(Constants.ORIGINAL_VIEW_KEY, httpRequest.getPathInfo());
httpResponse.sendRedirect(httpRequest.getContextPath() + "/faces/pages
/login.jsp");
}
else
{
session.removeAttribute(Constants.ORIGINAL_VIEW_KEY);
chain.doFilter(request, response);
}
}
public void destroy()
{
}
}
感谢您的耐心和帮助。