一、phase-listener
1、
public class CheckLogin implements PhaseListener {
public PhaseId getPhaseId() {
return PhaseId.RESTORE_VIEW;
}
public void beforePhase(PhaseEvent event) {
}
public void afterPhase(PhaseEvent event) {
//获得当前路径
String path = event.getFacesContext().getViewRoot().getViewId();
// 当前页是否 login.xhtml
boolean loginPage = path.lastIndexOf("login") > -1 ? true:false;
if (!loginPage && !loggedIn()) {
NavigationHandler nh = event.getFacesContext().getApplication().getNavigationHandler();
//navigation-case中指定的 跳转页面
//nh.handleNavigation(event.getFacesContext(), null, "logout");
}
System.out.print("----------path: "+path);
}
private boolean loggedIn() {
HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
.getExternalContext().getSession(true);
if (session.getAttribute("userID")!=null) {
//管理员 不对页面权限 做检查
return true;
} else{// if( session.getAttribute("userID")!=null ){ //普通用户 权限验证
return false;
}
}
}
2、
<!--注册phase-listener-->
<lifecycle>
<phase-listener>maWei.permission.CheckLogin</phase-listener>
</lifecycle>
<!--导航规则-->
<navigation-rule>
<from-view-id>/manage/module/*</from-view-id>
<navigation-case>
<from-outcome>logout</from-outcome>
<to-view-id>/manage/login.xhtml</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>permissionError</from-outcome>
<to-view-id>/manage/errorPage/error1.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
二、filter
1、
public class CheckLogin implements Filter {
protected FilterConfig filterConfig = null;
public void setFilterConfig(FilterConfig config) {
this.filterConfig = config;
}
public FilterConfig getFilterConfig() {
return filterConfig;
}
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
System.out.println(\"过滤器检查用户\");
String contextRoot = ((HttpServletRequest) request).getContextPath();
String loginPage = contextRoot.concat(\"/index.faces\");
HttpSession session = ((HttpServletRequest) request).getSession();
boolean isLoginPage = ((HttpServletRequest) request).getRequestURI().equals(loginPage);
if (session.getAttribute(\"UserInfo\") == null && !isLoginPage) {
((HttpServletResponse) response).sendRedirect(loginPage);
return;
}
chain.doFilter(request, response);
}
public void destroy() {
this.filterConfig = null;
}
}
2、
<filter>
<filter-name>CheckLogin</filter-name>
<filter-class>grant.CheckLogin</filter-class>
</filter>
<filter-mapping>
<filter-name>CheckLogin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、web.xml url-pattern 的三种写法写法
① 完全匹配
<url-pattern>/test/list.do</url-pattern>
② 目录匹配
<url-pattern>/test/*</url-pattern>
③ 扩展名匹配
<url-pattern>*.do</url-pattern>
注意:三种方式不能混合使用。 如/manage/*.mw,是错误的
参考:http://apps.hi.baidu.com/share/detail/34837373
三、
1、
-------filter--------/maWei.sciMan/manage/user/userManage.mw
----------phase-listener-----------/manage/user/userManage.mw
顺序上,filter先于phase-listener执行
内容上,phase-listener取到的是“短路径”,filter取到的是包含“应用名”的“长”路径;
phase-listener会取到css文件的路径
参考:http://www.operamasks.org/forum/viewthread.php?tid=1365
http://apps.hi.baidu.com/share/detail/50084508 JSF页面导航(Navigation)配置总结
http://www.cnblogs.com/wenjl520/archive/2009/12/24/1631501.html JSF导航规则
四、增、删、改、查看等细粒权限
8421,
8&16==0?