Java: How to restrict access to certain pages for users who are not logged in? (JSF 2.0)

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/5661460/

Time: 2020-10-30 12:08:50  Source: igfitidea

How to restrict access to not logged users to certain pages? (JSF 2.0)

java jsf jakarta-ee jsf-2 java-ee-6

Asked by sfrj

I am implementing my own authentication mechanism and I want to know if what I am doing is correct and, if not, how I can do it correctly.

First I'll explain how my authentication mechanism works:

- The details of my users are inside an object called Role. This object contains 3 fields:

email: String

password: String

userType: Enum

- When the user accesses the system, the object Role is saved into the session.

My question is: How can I restrict the access to certain pages to users (Role) based on their userType fields?

This is what I do, but it doesn't work.

First I have a managed bean that checks if the user is logged.

@ManagedBean
@RequestScoped
public class SecurityController {

    //Some attributes...


    public String redirectNotBuyer() {
        Role role = (Role) FacesContext.getCurrentInstance()
                .getExternalContext().getSessionMap().get("userRole");
        //Checks if user is logged
        if (role == null) {         
            // Please login
            //Add message to authentification
            return "login.xhtml";           
        } else if (role != null) {
            if (!role.getType().toString().equalsIgnoreCase("BUYER")) {
                // Buyer not authorized
                return "main.xhtml";
            }
        }       
        return null;
    }

    public String redirectNotSeller() {
        Role role = (Role) FacesContext.getCurrentInstance()
                .getExternalContext().getSessionMap().get("userRole");
        if (role == null) {
            // Please login
            //Add message to authentification
            return "login.xhtml";           
        } else if (role != null) {
            if (!role.getType().toString().equalsIgnoreCase("SELLERs")) {
                // Buyer not authorized
                return "main.xhtml";
            }
        }       
        return null;
    }

    //Getters, setters...
}

Those 2 methods above redirect in case the user is not a Buyer and in case the user is not a seller.

So now what I do is, in the page that I don't want the user to go to, I call one of those methods, so the user gets redirected to the main page. Example: A non-authorized user enters a page that is called buyOffer.xhtml, that only BUYERS can access:

<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:f="http://java.sun.com/jsf/core">


<ui:composition template="WEB-INF/templates/BasicTemplate.xhtml">
    <!-- THE REGISTRATION FORM -->
    <ui:define name="buyOfferForm">
       <h2>Buy offer</h2>
       #{SecurityController.redirectNotBuyer()}
    </ui:define>            
</ui:composition>

</html>

For some reason when I go to this page with a not logged in user or a user that does not have BUYER as userType, it does not get redirected to the main.xhtml page. Why is that?

Answered by Jigar Joshi

The proper mechanism would be the use of Filter.

See
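
A servlet filter of the kind the answer points to, written as an added example that is not part of the original question or answer. It reuses the question's session key `userRole`, its `Role.getType()` accessor and its `login.xhtml` / `main.xhtml` pages; the class name `BuyerOnlyFilter`, the `/buyer/*` folder for buyer-only pages and a `FacesServlet` mapping of `*.xhtml` are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example. Role is the question's own class; the /buyer/* layout is an assumption.
// The check runs before FacesServlet renders anything, so the view is never built
// for a user who is not allowed to see it.
@WebFilter("/buyer/*")
public class BuyerOnlyFilter implements Filter {

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session just to find out nobody is logged in.
        HttpSession session = request.getSession(false);
        // The JSF session map is backed by HttpSession attributes, so the same key works here.
        Object attr = (session == null) ? null : session.getAttribute("userRole");

        if (!(attr instanceof Role)) {
            // Not logged in: send to the login page and stop processing.
            response.sendRedirect(request.getContextPath() + "/login.xhtml");
            return;
        }
        Role role = (Role) attr;
        if (!"BUYER".equalsIgnoreCase(String.valueOf(role.getType()))) {
            // Logged in, but not a buyer: send to the main page.
            response.sendRedirect(request.getContextPath() + "/main.xhtml");
            return;
        }
        // Keep restricted pages out of the browser cache so they are not
        // shown from history after logout.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

A second filter mapped to a seller-only folder would follow the same pattern with the seller type in place of `BUYER`.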