“remember me” functionality with jsf 2.0

Posted 2019-03-03 02:15

I am trying to implement "remember me"/"autologin" functionality. I have stored a cookie at the client but when should I read it? If I try to do that in a filter, for example, I won't have access to my application-scoped beans which I use to access the db.

What are the best practices to do that?

2 answers
贼婆χ
Reply #2 · 2019-03-03 02:36

It depends a little on how your current login exactly works. Is it a container login followed by custom stuff (like putting some object in the session) or only custom?

In the first case you can't do an auto-login completely in JSF, since the container will kick in whenever the user tries to access a protected resource. In that case you still need to do the container login part in a Filter (HttpServletRequest#login).

For both the first and second case, the JSF part can be done via a global PhaseListener. In this case you could listen to a very early event, e.g. before RESTORE_VIEW. In this event handler, you can check the session for whatever object you put in there to flag your login, and if it's not there use the HttpServletRequest to check if there's a "remember me" cookie and proceed with the login if needed. When the PhaseListener is called, JSF is fully operational and you can access your application-scoped managed beans.

If you only use an object in the session and don't bother doing any container login, then you can simply skip the first part.

p.s.

Another option is not to put any DB stuff in JSF managed beans, so you don't need JSF operational in order to access your DB. In a Java EE application, EJB beans are alternative candidates (and actually better suited for this job). They can be injected into your filter and used to access the DB before the JSF life-cycle starts. Next to EJB beans, CDI beans are also an option. In many ways, these are better alternatives for JSF managed beans anyway.

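The filter-plus-EJB approach from the answer above, as an added example that is not part of the original answers. The cookie name `remember`, the session attribute `user` and the `TokenStore` EJB interface are assumptions made for illustration; the store is assumed to hold only SHA-256 hashes of the issued tokens.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.ejb.EJB;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

@WebFilter("/*")
public class RememberMeFilter implements Filter {

    /** Hypothetical EJB business interface: returns the user name for a token hash, or null. */
    public interface TokenStore { String findUserByTokenHash(String sha256Base64); }

    @EJB private TokenStore tokens; // injected by the container; JSF is not needed here

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null; // assumed flag
        if (!loggedIn && request.getCookies() != null) {
            for (Cookie c : request.getCookies()) {
                if (!"remember".equals(c.getName())) continue; // assumed cookie name
                // Look up by hash: the DB never holds a value usable as a cookie.
                String user = tokens.findUserByTokenHash(sha256(c.getValue()));
                if (user != null) {
                    // Start from a fresh session so a pre-login session id is not reused.
                    if (session != null) session.invalidate();
                    request.getSession(true).setAttribute("user", user);
                    // With container-managed security, HttpServletRequest#login goes here too.
                }
                break;
            }
        }
        chain.doFilter(rq, rs);
    }

    static String sha256(String value) throws ServletException {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(md.digest(value.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new ServletException(e);
        }
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

The cookie itself should be set with the HttpOnly and Secure flags, and its token replaced in the store each time it is accepted.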
乱世女痞
Reply #3 · 2019-03-03 02:42

Session scope will keep content for as long as a session is active; combine it with state persistence, either in the DB or via a cookie.

None of the scopes will really "remember" your state by itself; the best you can do is persist the state to the DB and, when the user returns, restore it as best as possible and push the data into a session-scoped bean.

Otherwise, extend the session scope's session via a cookie:

FacesContext.getCurrentInstance().getExternalContext().addResponseCookie(..)