部分原作者为Aaron Bartell ,最初发表在iSeriesNetwork.com’s Club Tech Tips email newsletter。
通过PhaseListener 可以在一个点上(JSF生命周期的Restore View phase阶段)进行权限验证,从而避免在每个页面或者每个backing bean中判断用户访问权限,造成过多的冗余代码和管理上的混乱。
步骤一:在faces-config.xml中注册 PhaseListener
<lifecycle> <phase-listener>com.loffler.copycenter.controller.LoggedInCheck</phase-listener> </lifecycle>
|
步骤二:创建实现PhaseListener接口的LoggedInCheck 类。getPhaseId 方法被用来告诉PhaseListener在那一个JSF生命周期阶段该类会被调用。本例使用PhaseId.RESTORE_VIEW。
package com.mowyourlawn.controller; import javax.faces.application.NavigationHandler; import javax.faces.context.FacesContext; import javax.faces.event.PhaseEvent; import javax.faces.event.PhaseId; import javax.faces.event.PhaseListener; public class LoggedInCheck implements PhaseListener { public PhaseId getPhaseId() { return PhaseId.RESTORE_VIEW; } public void beforePhase(PhaseEvent event) { } public void afterPhase(PhaseEvent event) { FacesContext fc = event.getFacesContext(); // Check to see if they are on the login page.
boolean loginPage = fc.getViewRoot().getViewId().lastIndexOf("login") > -1 ? true : false; if (!loginPage && !loggedIn()) { NavigationHandler nh = fc.getApplication().getNavigationHandler(); nh.handleNavigation(fc, null, "logout"); } } private boolean loggedIn() { return LoginController.loggedIn().booleanValue()c; } }
|
步骤三:在 faces-config.xml 文件中注册logout导航规则,对应上面的代码:nh.handleNavigation(fc, null, "logout")。
<navigation-rule> <from-view-id>*</from-view-id> <navigation-case> <from-outcome>logout</from-outcome> <to-view-id>/login.jsp</to-view-id> </navigation-case> </navigation-rule>
|
注:在JSF中也可以利用Filter进行权限验证,但是由于导航方式中Forward和Redirect的不同,往往通过getRequestURI得到的URI不一定是当前的View,因此利用PhaseListener实现权限验证优于Filter。
大概思路是 建一个filter 过滤除登陆页面的其他所有页面 在filter 里取到session 判断里面是否有值 如果有 则正常跳转 否则跳转到登陆页或你需要的指定页面即可~代码如下:
在web.xml里面加上filter :
<!-- 用户登录过滤器开始 --> <filter> <filter-name>checkLoginFilter </filter-name> <filter-class>CheckLoginFilter </filter-class> <init-param> <param-name>checkSessionKey </param-name> <param-value>LoginUser </param-value> </init-param> <init-param> <param-name>redirectURL </param-name> <param-value>/login.jsf </param-value> </init-param> <init-param> <param-name>notCheckURLList </param-name> <param-value>/login.jsf </param-value> </init-param> </filter> <filter-mapping> <filter-name>checkLoginFilter </filter-name> <url-pattern>*.jsf </url-pattern> </filter-mapping>
<!-- 用户登录过滤器结束 -->
|
CheckLoginFilter.java
/** * 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面 * 配置参数 * checkSessionKey 需检查的在 Session 中保存的关键字 * redirectURL 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath * notCheckURLList 不做检查的URL列表,以分号分开,并且 URL 中不包括 ContextPath */ public class CheckLoginFilter implements Filter { protected FilterConfig filterConfig = null; private String redirectURL = null; private List <String> notCheckURLList = new ArrayList <String>(); private String sessionKey = null;
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException{ HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); response.setHeader("Cache-Control","no-cache"); response.setHeader("Pragma","no-cache"); response.setDateHeader ("Expires", -1); if(sessionKey == null){ filterChain.doFilter(request, response); return; } if((!checkRequestURIIntNotFilterList(request)) && session.getAttribute(sessionKey) == null){ response.sendRedirect(request.getContextPath() + redirectURL); return; } filterChain.doFilter(servletRequest, servletResponse); }
public void destroy(){ notCheckURLList.clear(); }
private boolean checkRequestURIIntNotFilterList(HttpServletRequest request){ String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo()); return notCheckURLList.contains(uri); }
public void init(FilterConfig filterConfig) throws ServletException{ this.filterConfig = filterConfig; redirectURL = filterConfig.getInitParameter("redirectURL"); sessionKey = filterConfig.getInitParameter("checkSessionKey");
String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList");
if(notCheckURLListStr != null){ StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";"); notCheckURLList.clear(); while(st.hasMoreTokens()){ notCheckURLList.add(st.nextToken()); } } } }
|
阅读(1769) | 评论(0) | 转发(0) |