我使用SessionFilter servlet来验证用户,然后授予系统访问权限。我的受限文件位于名为“com.shadibandhan.Restricted”的文件夹中。 会话过滤器工作正常。JSF请求范围的托管bean http-session导致实例化
这里的sessionfilter的servlet
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String servletPath = request.getServletPath();
String contextPath = request.getContextPath();
String remoteHost = request.getRemoteHost();
String url = contextPath + servletPath;
boolean allowedRequest = false;
if (urlList.contains(servletPath)) {
allowedRequest = true;
}
if (!allowedRequest) {
HttpSession session = request.getSession(false);
if (null == session) {
System.out.println("Session is not present");
response.sendRedirect(contextPath);
return;
} if (null != session) {
//String loggedIn = (String) session.getAttribute("sb_logged_in");
System.out.println("Session is present");
System.out.println("\nSession no. is = " + session.getId());
if (session.getAttribute("logged-in") == "true") {
System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");
//ServletContext context = request.getServletContext();
RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
dispatcher.forward(request, response);
} else {
System.out.println("Session logged-in attribute is not true");
response.sendRedirect(contextPath);
}
}
}
chain.doFilter(req, res);
}
现在的相关代码,当用户登录时,我把自己的用户名和配置文件ID在HttpSession中,这里的是绑定登录页面豆。
@ManagedBean
@SessionScoped
public class UserLoginManagedBean {
private User user = null;
private String username = null;
private String password = null;
private ServiceProvider server = null;
HttpServletRequest request = null;
HttpServletResponse response = null;
HttpSession session = null;
private Date date;
private int profileActiveness=0;
private int profileActivenessPercentage=0;
public UserLoginManagedBean() {
this.user = new User();
this.server = ServiceProvider.getInstance();
}
public String validateLogin() {
System.out.println("Inside validate login");
boolean isUserValid = false;
System.out.println(this.username + " " + this.password);
isUserValid = this.authenticate(username, password);
if (isUserValid) {
//this.user = found;
System.out.println("User is valid---Redirecting to messages.xhtml");
return "com.shadibandhan.Restricted/profile.xhtml?faces-redirect=true";
} else {
//addGlobalErrorMessage("Unknown login, please try again");
return null;
}
}
public boolean authenticate(String username, String password) {
boolean isUserValid = false;
String status = null;
//isUserValid = this.server.authenticateUser(this.username, this.password);
this.user = (User) this.server.getRecordByTwoColumns(User.class, "username" , this.username, "password", this.password);
if(null != this.user){
isUserValid = true;
}else{
isUserValid = false;
}
if (isUserValid) {
FacesContext context = FacesContext.getCurrentInstance();
this.request = (HttpServletRequest) context.getExternalContext().getRequest();
this.response = (HttpServletResponse) context.getExternalContext().getResponse();
this.session = request.getSession(true);
// if there's no session, it'll creat a new one due to the true flag
status = this.updateUserRecord();
if (status.equals("success")) {
if (null != this.session) {
session.setAttribute("sessionUsername", this.user.getUsername());
session.setAttribute("sessionProfileId", this.user.getProfile().getProfileId());
session.setAttribute("logged-in", "true");
System.out.println("Session username is --->" + session.getAttribute("sessionUsername"));
}
} else {
isUserValid = false;
FacesMessage msg = new FacesMessage("Something went wrong");
FacesContext.getCurrentInstance().addMessage(null, msg);
}
}
return isUserValid;
}
public String logOut() {
FacesContext context = FacesContext.getCurrentInstance();
System.out.println("inside logout method");
this.request = (HttpServletRequest) context.getExternalContext().getRequest();
if (null != this.request) {
this.session = request.getSession(false);
session.invalidate();
System.out.println("Session is now invalidated");
return "../index.xhtml?faces-redirect=true";
} else {
System.out.println("You're already signed out");
return null;
}
}
private String updateUserRecord() {
String status = null;
Date lastLoginDate=this.user.getLastLogin();
Date currentDate= new Date();
this.profileActiveness=this.user.getProfileActiveness();
SimpleDateFormat format = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
try {
lastLoginDate = format.parse(lastLoginDate.toString());
currentDate = format.parse(currentDate.toString());
} catch (ParseException e) {
e.printStackTrace();
}
// Get msec from each, and subtract.
long diff = currentDate.getTime() - lastLoginDate.getTime();
long diffSeconds = diff/1000;
long diffMinutes = diff/(60 * 1000);
long diffHours = diff/(60 * 60 * 1000);
System.out.println("Time: " + diff + " .");
System.out.println("Time in seconds: " + diffSeconds + " seconds.");
System.out.println("Time in minutes: " + diffMinutes + " minutes.");
System.out.println("Time in hours: " + diffHours + " hours.");
if(diffHours<12)
{
if(profileActiveness<8){
profileActiveness++;
profileActivenessPercentage=(int) (profileActiveness*12.5);
this.user.setProfileActiveness(this.profileActiveness);
}
}
if(diffHours>71)
{
if(profileActiveness>2){
profileActiveness-=2;
profileActivenessPercentage=(int) (profileActiveness*12.5);
this.user.setProfileActiveness(this.profileActiveness);
}
else{
profileActiveness=0;
}
}
this.user.setLastLogin(this.getCurrentDate());
this.user.setLoginStatus(true);
status = this.server.updateObject(this.user);
return status;
}
// ...
}
而且,在另一个叫管理,MessagesManagedBean豆(请求范围的),当我尝试获取配置文件ID的用户登录后,它就像一个魅力。现在
,我有两个问题在这里:
- 每当我尝试从具有 具有相关的HTTP会话 在这样的代码就势必豆受限制的文件夹访问一个页面情况下MessagesManagedBean,它给了我一个不能 实例化bean异常,因为我得到 构造函数中的属性,为什么?
- 即使我没有登录,它也会调用bean的构造函数,只要我尝试访问与之绑定的页面。
它的工作。感谢并感谢其他有用的建议以及:) –
不客气。 – BalusC
我的问题2呢? 每当我尝试访问页面,即使没有登录,它调用bean的构造函数...? –