我想您想要使用部署描述符和的 基于表单的身份验证。
j_security_check
您也可以在JSF中通过使用相同的预定义字段名来完成此操作
j_username,
j_password如本教程中所示。
例如
<form action="j_security_check" method="post"> <h:outputLabel for="j_username" value="Username" /> <h:inputText id="j_username" /> <br /> <h:outputLabel for="j_password" value="Password" /> <h:inputSecret id="j_password" /> <br /> <h:commandButton value="Login" /></form>
您可以在
Usergetter中进行延迟加载,以检查是否User已经登录,如果尚未登录,则检查Principal请求中是否存在,如果已登录,则获取与的User关联
j_username。
package com.stackoverflow.q2206911;import java.io.IOException;import java.security.Principal;import javax.faces.bean.ManagedBean;import javax.faces.bean.SessionScoped;import javax.faces.context.FacesContext;@ManagedBean@SessionScopedpublic class Auth { private User user; // The JPA entity. @EJB private UserService userService; public User getUser() { if (user == null) { Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal(); if (principal != null) { user = userService.find(principal.getName()); // Find User by j_username. } } return user; }}该User是由JSF EL明显访问#{auth.user}。
要注销,请执行一
HttpServletRequest#logout()(并设置User为null!)。您可以通过来获取
HttpServletRequestJSF中的句柄
ExternalContext#getRequest()。您也可以完全使会话无效。
public String logout() { FacesContext.getCurrentInstance().getExternalContext().invalidateSession(); return "login?faces-redirect=true";}对于剩余部分(在部署描述符和领域中定义用户,角色和约束),只需按照通常的方式遵循Java EE 6教程和servletcontainer文档。
更新:您还可以使用新的Servlet3.0HttpServletRequest#login()进行程序化登录,而不是使用j_security_check某些Servlet容器中的调度程序本身可能无法访问的登录方式。在这种情况下,您可以使用完全有价值的JSF表单以及具有username和password属性以及login方法的Bean,如下所示:
<h:form> <h:outputLabel for="username" value="Username" /> <h:inputText id="username" value="#{auth.username}" required="true" /> <h:message for="username" /> <br /> <h:outputLabel for="password" value="Password" /> <h:inputSecret id="password" value="#{auth.password}" required="true" /> <h:message for="password" /> <br /> <h:commandButton value="Login" action="#{auth.login}" /> <h:messages globalonly="true" /></h:form>这个视图的作用域为托管bean,它也记住了最初请求的页面:
@ManagedBean@ViewScopedpublic class Auth { private String username; private String password; private String originalURL; @PostConstruct public void init() { ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext(); originalURL = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_REQUEST_URI); if (originalURL == null) { originalURL = externalContext.getRequestContextPath() + "/home.xhtml"; } else { String originalQuery = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_QUERY_STRING); if (originalQuery != null) { originalURL += "?" + originalQuery; } } } @EJB private UserService userService; public void login() throws IOException { FacesContext context = FacesContext.getCurrentInstance(); ExternalContext externalContext = context.getExternalContext(); HttpServletRequest request = (HttpServletRequest) externalContext.getRequest(); try { request.login(username, password); User user = userService.find(username, password); externalContext.getSessionMap().put("user", user); externalContext.redirect(originalURL); } catch (ServletException e) { // Handle unknown username/password in request.login(). context.addMessage(null, new FacesMessage("Unknown login")); } } public void logout() throws IOException { ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext(); externalContext.invalidateSession(); externalContext.redirect(externalContext.getRequestContextPath() + "/login.xhtml"); } // Getters/setters for username and password.}这样,
User可以在
JSF EL中访问
#{user}。
