Strange problem with HttpFilter when authorizing login

I am using OmniFaces in my web application and currently use an HttpFilter to authorize logins.

Here is my filter class:

@WebFilter("/backend/*")
public class AuthorizationFilter extends HttpFilter {

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response,
            HttpSession session, FilterChain chain) throws ServletException, IOException {
        if (session != null && session.getAttribute("userManagedBean") != null) {
            chain.doFilter(request, response);
        } else {
            response.sendRedirect(request.getContextPath() + "/frontend/login.xhtml?faces-redirect=true");
        }
    }
}

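The application still runs without any problems, and I can also access /backend/*.xhtml without logging in.

There is no error log, nothing.

Does anyone have any idea about this strange problem?

Edit

Here is the UserManagedBean class: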

@ManagedBean
@SessionScoped
public class UserManagedBean extends TblStaff implements Serializable {

    private TblStaff staff = null;
    private String currentLogin;
    private String username;
    private String password;
    private boolean loggedIn;
    private ExternalContext ec;

    @ManagedProperty(value="#{navigationBean}")
    private NavigationBean navigationBean;

    public UserManagedBean() {
        super();
    }

    public String login() {
        int isValid = doLogin();
        if (isValid == 1) {
            StaffBLL staffBLL = new StaffBLL();
            staff = staffBLL.getStaffByUsername(username);
            String destinationUrl = null;
            if (staff.getRoleId() == 1) {
                loggedIn = true;
                setCurrentLogin("admin");
                destinationUrl = navigationBean.redirectToBackend();
            } else if (staff.getRoleId() == 2) {
                loggedIn = true;
                setCurrentLogin("manager");
                destinationUrl = navigationBean.redirectToManager();
            } else if (staff.getRoleId() == 3) {
                loggedIn = true;
                setCurrentLogin("faculty");
                destinationUrl = navigationBean.redirectToFaculty();
            }
            return destinationUrl;
        } else {
            return navigationBean.toLogin();
        }
    }

    public static void setSession(String key, Object value) {
        HttpSession session = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(true);
        session.setAttribute(key, value);
    }

    public static Object getSession(String key) {
        HttpSession session = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(true);
        return session.getAttribute(key);
    }

    public String logout() {
        loggedIn = false;
        ec = FacesContext.getCurrentInstance().getExternalContext();
        ec.invalidateSession();
        setCurrentLogin(null);
        return navigationBean.toFrontend();
    }

    public void logoutAdmin(ActionEvent actionEvent) throws IOException {
        loggedIn = false;
        ec = FacesContext.getCurrentInstance().getExternalContext();
        ec.invalidateSession();
        setCurrentLogin(null);
        ec.redirect(ec.getRequestContextPath() + "/frontend/index.xhtml?faces-redirect=true");
    }

    public int doLogin() {
        CallableStatement objCall;
        SHAConverter hash = new SHAConverter();
        int result = -1;
        String[] params = new String[3];
        params[0] = username;
        params[1] = hash.hashBasic(password);
        params[2] = null;
        try {
            objCall = SQLHelper.execute("procLogin", params);
            result = objCall.getInt("Result");
        } catch (SQLException ex) {
            System.out.println("Error: " + ex.getMessage());
        }
        return result;
    }
}

How/when do you set and clear the 'userManagedBean' attribute in the session? Can you show the code? –
Apparently 'userManagedBean' is not null – kolossus
@DavidLevesque: I updated my question. –
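
A `@SessionScoped` managed bean is stored in the session the first time any page references it in EL, so a non-null `userManagedBean` attribute does not by itself prove that a login happened. The following is an added example, not code from the original post, of a filter that authorizes on the bean's state instead. It assumes `UserManagedBean` exposes getters `isLoggedIn()` and `getCurrentLogin()` (not shown in the question) and that `/backend/*` is the area for the "admin" login, as `login()` suggests.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.omnifaces.filter.HttpFilter;

@WebFilter("/backend/*")
public class AuthorizationFilter extends HttpFilter {

    private static final String LOGIN_PAGE = "/frontend/login.xhtml";

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response,
            HttpSession session, FilterChain chain) throws ServletException, IOException {
        // OmniFaces passes the existing session or null; it never creates one here.
        Object attr = (session != null) ? session.getAttribute("userManagedBean") : null;

        if (isAuthorized(attr)) {
            // Keep protected pages out of browser caches so they are not shown again after logout.
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0);
            chain.doFilter(request, response);
        } else {
            // Plain servlet redirect; faces-redirect=true only has meaning in JSF navigation outcomes.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }

    // Deny by default: the bean must exist, be flagged as logged in, and carry the expected role.
    static boolean isAuthorized(Object attr) {
        if (!(attr instanceof UserManagedBean)) {
            return false;
        }
        UserManagedBean user = (UserManagedBean) attr;
        // Assumed getters: isLoggedIn() and getCurrentLogin() are not shown in the question.
        return user.isLoggedIn() && "admin".equals(user.getCurrentLogin());
    }
}
```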