JSF请求范围的托管bean HTTP会话的原因在-实例(JSF request-scoped ma

2019-07-29 21:27发布

我使用的是SessionFilter的servlet用于验证用户,然后给他们系统的访问。 我的限制文件是一个名为“com.shadibandhan.Restricted”文件夹中。 会话过滤器工作正常。

这里的sessionfilter Servlet的相关代码

@Override
public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String servletPath = request.getServletPath();
    String contextPath = request.getContextPath();
    String remoteHost = request.getRemoteHost();
    String url = contextPath + servletPath;
    boolean allowedRequest = false;

    if (urlList.contains(servletPath)) {
        allowedRequest = true;
    }

    if (!allowedRequest) {
        HttpSession session = request.getSession(false);
        if (null == session) {

            System.out.println("Session is not present");
            response.sendRedirect(contextPath);
            return;

        } if (null != session) {
            //String loggedIn = (String) session.getAttribute("sb_logged_in");
            System.out.println("Session is present");
            System.out.println("\nSession no. is = " + session.getId());

            if (session.getAttribute("logged-in") == "true") {
                System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");

                //ServletContext context = request.getServletContext();
                RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
                dispatcher.forward(request, response);
            } else {
                System.out.println("Session logged-in attribute is not true");
                response.sendRedirect(contextPath);
            }
        }
    }

    chain.doFilter(req, res);
}

现在,当用户登录时,我把自己的用户名和配置文件ID在HttpSession中,这里的是绑定登录页面豆。

@ManagedBean
@SessionScoped
public class UserLoginManagedBean {

    private User user = null;
    private String username = null;
    private String password = null;
    private ServiceProvider server = null;
    HttpServletRequest request = null;
    HttpServletResponse response = null;
    HttpSession session = null;
    private Date date;
    private int profileActiveness=0;
    private int profileActivenessPercentage=0;

    public UserLoginManagedBean() {
        this.user = new User();
        this.server = ServiceProvider.getInstance();
    }

    public String validateLogin() {

        System.out.println("Inside validate login");
        boolean isUserValid = false;

        System.out.println(this.username + " " + this.password);

        isUserValid = this.authenticate(username, password);

        if (isUserValid) {
            //this.user = found;
            System.out.println("User is valid---Redirecting to messages.xhtml");
            return "com.shadibandhan.Restricted/profile.xhtml?faces-redirect=true";

        } else {
            //addGlobalErrorMessage("Unknown login, please try again");
            return null;
        }
    }

    public boolean authenticate(String username, String password) {
        boolean isUserValid = false;
        String status = null;

        //isUserValid = this.server.authenticateUser(this.username, this.password);

        this.user = (User) this.server.getRecordByTwoColumns(User.class, "username" , this.username, "password", this.password);

        if(null != this.user){
            isUserValid = true;
        }else{
            isUserValid = false;
        }

        if (isUserValid) {

            FacesContext context = FacesContext.getCurrentInstance();
            this.request = (HttpServletRequest) context.getExternalContext().getRequest();
            this.response = (HttpServletResponse) context.getExternalContext().getResponse();
            this.session = request.getSession(true);
//                 if there's no session, it'll creat a new one due to the true flag


            status = this.updateUserRecord();


            if (status.equals("success")) {
                if (null != this.session) {

                    session.setAttribute("sessionUsername", this.user.getUsername());
                    session.setAttribute("sessionProfileId", this.user.getProfile().getProfileId());
                    session.setAttribute("logged-in", "true");

                    System.out.println("Session username is --->" + session.getAttribute("sessionUsername"));
                }

            } else {
                isUserValid = false;
                FacesMessage msg = new FacesMessage("Something went wrong");
                FacesContext.getCurrentInstance().addMessage(null, msg);
            }
        }

        return isUserValid;
    }

    public String logOut() {
        FacesContext context = FacesContext.getCurrentInstance();
        System.out.println("inside logout method");
        this.request = (HttpServletRequest) context.getExternalContext().getRequest();

        if (null != this.request) {

            this.session = request.getSession(false);
            session.invalidate();
            System.out.println("Session is now invalidated");
            return "../index.xhtml?faces-redirect=true";
        } else {
            System.out.println("You're already signed out");
            return null;
        }
    }

    private String updateUserRecord() {
        String status = null;

       Date lastLoginDate=this.user.getLastLogin();
       Date currentDate= new Date();
       this.profileActiveness=this.user.getProfileActiveness();


                SimpleDateFormat format = new SimpleDateFormat("yy-MM-dd HH:mm:ss");

        try {
            lastLoginDate = format.parse(lastLoginDate.toString());
            currentDate = format.parse(currentDate.toString());
        } catch (ParseException e) {
            e.printStackTrace();
        }    

        // Get msec from each, and subtract.
        long diff = currentDate.getTime() - lastLoginDate.getTime();
        long diffSeconds = diff / 1000;         
        long diffMinutes = diff / (60 * 1000);         
        long diffHours = diff / (60 * 60 * 1000);                      
        System.out.println("Time: " + diff + " .");
        System.out.println("Time in seconds: " + diffSeconds + " seconds.");         
        System.out.println("Time in minutes: " + diffMinutes + " minutes.");         
        System.out.println("Time in hours: " + diffHours + " hours.");
        if(diffHours<12)
        {
            if(profileActiveness<8){
            profileActiveness++;
            profileActivenessPercentage=(int) (profileActiveness*12.5);
            this.user.setProfileActiveness(this.profileActiveness);
            }
            }
        if(diffHours>71)
        {
            if(profileActiveness>2){
            profileActiveness-=2;
            profileActivenessPercentage=(int) (profileActiveness*12.5);
            this.user.setProfileActiveness(this.profileActiveness);
            }
            else{
            profileActiveness=0;
            }
        }



        this.user.setLastLogin(this.getCurrentDate());
        this.user.setLoginStatus(true);

        status = this.server.updateObject(this.user);

        return status;
    }

    // ...
}

而且,在命名,MessagesManagedBean,当我尝试获取配置文件ID的用户登录后,另一个托管bean(请求范围的),它就像一个魅力。

现在,我在这里已经两个问题:

  1. 每当我尝试从与具有相关的HTTP会话在这种情况下,MessagesManagedBean一些代码,它势必豆受限制的文件夹访问一个页面,它给了我一个无法实例豆例外,因为我得到的属性在构造函数中,为什么呢?
  2. 甚至,当我没有登录,它会调用构造函数豆,每当我试图访问与它绑定的页面。

Answer 1:

你继续由请求chain.doFilter()调用后response.sendRedirect()sendRedirect()只设置一个Location新的URL将浏览器会自动处理响应头。 但是,如果你继续请求chain.doFilter()那么整个JSF过程仍然会执行。

您需要添加一个return; 后声明sendRedirect()调用退出过滤器。

} else {
    System.out.println("Session logged-in attribute is not true");
    response.sendRedirect(contextPath);
    return;
}

无关的具体问题,您已在会议的一大设计错误作用域bean。 你不应该分配的HTTP请求,响应和会话bean的实例变量。 这使得您的会话作用域bean threadunsafe。 删除所有这些属性,宣布它们的ThreadLocal只有同样的方法块内。



文章来源: JSF request-scoped managed bean http-session causes in-instantiation