我使用的是SessionFilter的servlet用于验证用户,然后给他们系统的访问。 我的限制文件是一个名为“com.shadibandhan.Restricted”文件夹中。 会话过滤器工作正常。
这里的sessionfilter Servlet的相关代码
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String servletPath = request.getServletPath();
String contextPath = request.getContextPath();
String remoteHost = request.getRemoteHost();
String url = contextPath + servletPath;
boolean allowedRequest = false;
if (urlList.contains(servletPath)) {
allowedRequest = true;
}
if (!allowedRequest) {
HttpSession session = request.getSession(false);
if (null == session) {
System.out.println("Session is not present");
response.sendRedirect(contextPath);
return;
} if (null != session) {
//String loggedIn = (String) session.getAttribute("sb_logged_in");
System.out.println("Session is present");
System.out.println("\nSession no. is = " + session.getId());
if (session.getAttribute("logged-in") == "true") {
System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");
//ServletContext context = request.getServletContext();
RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
dispatcher.forward(request, response);
} else {
System.out.println("Session logged-in attribute is not true");
response.sendRedirect(contextPath);
}
}
}
chain.doFilter(req, res);
}
现在,当用户登录时,我把自己的用户名和配置文件ID在HttpSession中,这里的是绑定登录页面豆。
@ManagedBean
@SessionScoped
public class UserLoginManagedBean {
private User user = null;
private String username = null;
private String password = null;
private ServiceProvider server = null;
HttpServletRequest request = null;
HttpServletResponse response = null;
HttpSession session = null;
private Date date;
private int profileActiveness=0;
private int profileActivenessPercentage=0;
public UserLoginManagedBean() {
this.user = new User();
this.server = ServiceProvider.getInstance();
}
public String validateLogin() {
System.out.println("Inside validate login");
boolean isUserValid = false;
System.out.println(this.username + " " + this.password);
isUserValid = this.authenticate(username, password);
if (isUserValid) {
//this.user = found;
System.out.println("User is valid---Redirecting to messages.xhtml");
return "com.shadibandhan.Restricted/profile.xhtml?faces-redirect=true";
} else {
//addGlobalErrorMessage("Unknown login, please try again");
return null;
}
}
public boolean authenticate(String username, String password) {
boolean isUserValid = false;
String status = null;
//isUserValid = this.server.authenticateUser(this.username, this.password);
this.user = (User) this.server.getRecordByTwoColumns(User.class, "username" , this.username, "password", this.password);
if(null != this.user){
isUserValid = true;
}else{
isUserValid = false;
}
if (isUserValid) {
FacesContext context = FacesContext.getCurrentInstance();
this.request = (HttpServletRequest) context.getExternalContext().getRequest();
this.response = (HttpServletResponse) context.getExternalContext().getResponse();
this.session = request.getSession(true);
// if there's no session, it'll creat a new one due to the true flag
status = this.updateUserRecord();
if (status.equals("success")) {
if (null != this.session) {
session.setAttribute("sessionUsername", this.user.getUsername());
session.setAttribute("sessionProfileId", this.user.getProfile().getProfileId());
session.setAttribute("logged-in", "true");
System.out.println("Session username is --->" + session.getAttribute("sessionUsername"));
}
} else {
isUserValid = false;
FacesMessage msg = new FacesMessage("Something went wrong");
FacesContext.getCurrentInstance().addMessage(null, msg);
}
}
return isUserValid;
}
public String logOut() {
FacesContext context = FacesContext.getCurrentInstance();
System.out.println("inside logout method");
this.request = (HttpServletRequest) context.getExternalContext().getRequest();
if (null != this.request) {
this.session = request.getSession(false);
session.invalidate();
System.out.println("Session is now invalidated");
return "../index.xhtml?faces-redirect=true";
} else {
System.out.println("You're already signed out");
return null;
}
}
private String updateUserRecord() {
String status = null;
Date lastLoginDate=this.user.getLastLogin();
Date currentDate= new Date();
this.profileActiveness=this.user.getProfileActiveness();
SimpleDateFormat format = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
try {
lastLoginDate = format.parse(lastLoginDate.toString());
currentDate = format.parse(currentDate.toString());
} catch (ParseException e) {
e.printStackTrace();
}
// Get msec from each, and subtract.
long diff = currentDate.getTime() - lastLoginDate.getTime();
long diffSeconds = diff / 1000;
long diffMinutes = diff / (60 * 1000);
long diffHours = diff / (60 * 60 * 1000);
System.out.println("Time: " + diff + " .");
System.out.println("Time in seconds: " + diffSeconds + " seconds.");
System.out.println("Time in minutes: " + diffMinutes + " minutes.");
System.out.println("Time in hours: " + diffHours + " hours.");
if(diffHours<12)
{
if(profileActiveness<8){
profileActiveness++;
profileActivenessPercentage=(int) (profileActiveness*12.5);
this.user.setProfileActiveness(this.profileActiveness);
}
}
if(diffHours>71)
{
if(profileActiveness>2){
profileActiveness-=2;
profileActivenessPercentage=(int) (profileActiveness*12.5);
this.user.setProfileActiveness(this.profileActiveness);
}
else{
profileActiveness=0;
}
}
this.user.setLastLogin(this.getCurrentDate());
this.user.setLoginStatus(true);
status = this.server.updateObject(this.user);
return status;
}
// ...
}
而且,在命名,MessagesManagedBean,当我尝试获取配置文件ID的用户登录后,另一个托管bean(请求范围的),它就像一个魅力。
现在,我在这里已经两个问题:
- 每当我尝试从与具有相关的HTTP会话在这种情况下,MessagesManagedBean一些代码,它势必豆受限制的文件夹访问一个页面,它给了我一个无法实例豆例外,因为我得到的属性在构造函数中,为什么呢?
- 甚至,当我没有登录,它会调用构造函数豆,每当我试图访问与它绑定的页面。