JSF 2.0 Simple login page

Posted 2020-02-29 03:52

I need to restrict the access to a part of the application. In order to access that part, user needs to log in. I have a table in my database called User, with usernames and hashed passwords and a login form that consists of two inputs and a submit. However, I don't know which classes/methods I should use to log in the user (I assume that there is support for this functionality in JSF). Also, as far as I know, I need to edit my web.xml to support the authentication. Could someone propose a typical solution and the general steps that I need to do in order to get that functionality (links, tutorials of value greatly appreciated)?

I also wonder how I can limit the access to another page if the person is not logged in, so when the user types in the direct link to a page, he will be redirected to a main login page.

Thanks in advance for any help. Grem.

2 answers
Rolldiameter
#2 · 2020-02-29 04:16

You can use j_security_check. All you do is post to it, and it will handle authentication based on the realm you've defined, and the application-specific configuration in your web.xml.

Depending on your app server, there is an additional step of linking the defined role (app-specific) to a group (realm-specific).

Here is a typical configuration:

    <servlet>
        <servlet-name>Login</servlet-name>
        <servlet-class>com.example.Login</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Login</servlet-name>
        <url-pattern>/Login</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>Error</servlet-name>
        <servlet-class>com.example.Error</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Error</servlet-name>
        <url-pattern>/Error</url-pattern>
    </servlet-mapping>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>example.com</realm-name>
        <form-login-config>
            <form-login-page>/Login</form-login-page>
            <form-error-page>/Error</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>arbitraryRoleName</role-name>
    </security-role>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Pages</web-resource-name>
            <url-pattern>/index.xhtml</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>arbitraryRoleName</role-name>
        </auth-constraint>
    </security-constraint>

Note the security-role. This still needs linked into a group, or whatever you are defining to differentiate users that can use a page from users who can't.

Viruses.
#3 · 2020-02-29 04:21

You could use the HttpServletRequest API introduced in Servlet 3.0:

    /**
     * Performs authentication via HttpServletRequest API
     */
    public String login(String username, String password) throws IOException {
        try {
            getRequest().login(username, password);
            this.user = userDao.find(username);
        } catch (ServletException e) {
            JsfUtil.addErrorMessage(JsfUtil.getStringResource("loginFailed"));
            return null;
        }
        return "/index?faces-redirect=true";
    }

    public String logout() throws ServletException {
        this.user = null;
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        if (isAuthenticated())
           getRequest().logout();
        return "logout";
    }

    public boolean isAuthenticated() {
        return getRequest().getUserPrincipal() != null;
    }

    public static HttpServletRequest getRequest() {
        Object request = FacesContext.getCurrentInstance().getExternalContext().getRequest();
        return request instanceof HttpServletRequest
                ? (HttpServletRequest) request : null;
    }