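I suppose you want form-based authentication using deployment descriptors and j_security_check.
You can also do this in JSF by just using the same predefined field names j_username and j_password, as demonstrated in the tutorial.
For example: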
In the User getter you can check whether the User is already logged in and, if not, check whether the Principal is present in the request and, if so, get the User associated with j_username.

```java
package com.stackoverflow.q2206911;

import java.io.IOException;
import java.security.Principal;

import javax.ejb.EJB;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.FacesContext;

@ManagedBean
@SessionScoped
public class Auth {

    private User user; // The JPA entity.

    @EJB
    private UserService userService;

    public User getUser() {
        if (user == null) {
            Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
            if (principal != null) {
                user = userService.find(principal.getName()); // Find User by j_username.
            }
        }
        return user;
    }

}
```
This User is obviously accessible in JSF EL as #{auth.user}.
To log out, call HttpServletRequest#logout() (and set User to null!). You can get a handle on the HttpServletRequest in JSF via ExternalContext#getRequest(). You can also just invalidate the session altogether.

```java
public String logout() {
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    return "login?faces-redirect=true";
}
```
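For the remainder (defining users, roles and constraints in the deployment descriptor and realm), just follow the Java EE 6 tutorial and the servlet container documentation the usual way.
Update: you can also use the new Servlet 3.0 HttpServletRequest#login() to do a programmatic login instead of using j_security_check, which may not be reachable by a dispatcher in some servlet containers. In this case you can use a full-fledged JSF form and a bean with username and password properties and a login method, which look like this: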
And this view scoped managed bean, which also remembers the initially requested page:

```java
import java.io.IOException;

import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.ViewScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

@ManagedBean
@ViewScoped
public class Auth {

    private String username;
    private String password;
    private String originalURL;

    @EJB
    private UserService userService;

    @PostConstruct
    public void init() {
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
        // Set by the container when the request was forwarded to the login page.
        originalURL = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_REQUEST_URI);

        if (originalURL == null) {
            originalURL = externalContext.getRequestContextPath() + "/home.xhtml";
        } else {
            String originalQuery = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_QUERY_STRING);

            if (originalQuery != null) {
                originalURL += "?" + originalQuery;
            }
        }
    }

    public void login() throws IOException {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext externalContext = context.getExternalContext();
        HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();

        try {
            request.login(username, password);
            User user = userService.find(username, password);
            externalContext.getSessionMap().put("user", user);
            externalContext.redirect(originalURL);
        } catch (ServletException e) {
            // Handle unknown username/password in request.login().
            context.addMessage(null, new FacesMessage("Unknown login"));
        }
    }

    public void logout() throws IOException {
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
        externalContext.invalidateSession();
        externalContext.redirect(externalContext.getRequestContextPath() + "/login.xhtml");
    }

    // Getters/setters for username and password.

}
```
This way the User is accessible in JSF EL as #{user}.
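
An added example (not part of the original answer) of the programmatic login and logout described above, with the session ID rotated after login and both HttpServletRequest#logout() and session invalidation on logout. It assumes a Servlet 3.1+ container for changeSessionId(); the HardenedAuth bean name and the /home.xhtml and /login.xhtml paths are assumptions.

```java
import java.io.IOException;
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

// Added example: HardenedAuth and the /home.xhtml, /login.xhtml paths are assumptions.
@ManagedBean
@RequestScoped
public class HardenedAuth {
    private String username;
    private String password;

    public void login() throws IOException {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext ec = context.getExternalContext();
        HttpServletRequest request = (HttpServletRequest) ec.getRequest();
        try {
            request.login(username, password);   // container realm verifies the credentials
            request.getSession(true);            // changeSessionId() requires an existing session
            request.changeSessionId();           // Servlet 3.1+: drop the pre-login session ID
            ec.redirect(ec.getRequestContextPath() + "/home.xhtml");
        } catch (ServletException e) {
            // Same message for unknown user and wrong password: no account enumeration.
            context.addMessage(null, new FacesMessage("Unknown login"));
        }
    }

    public void logout() throws IOException {
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        HttpServletRequest request = (HttpServletRequest) ec.getRequest();
        try {
            request.logout();                    // resets the container's Principal to null
        } catch (ServletException e) {
            // Fall through: the session is invalidated regardless.
        }
        ec.invalidateSession();                  // discards the cached User and other session state
        ec.redirect(ec.getRequestContextPath() + "/login.xhtml");
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```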