java – identity.logout()之后的ViewExpiredException;在JBoss
发布时间:2020-12-15 00:56:32 所属栏目:Java 来源:网络整理
导读:在我的AuthenticationFilter重定向到登录页面后,我想退出给用户. 这就是为什么,我把identity.logout();在我的预渲染方法login.xhtml的checkPermission(…)中. 但是,当用户再次登录时,我得到了ViewExpiredException. 我的问题是 1:如果我不执行identity.logo
在我的AuthenticationFilter重定向到登录页面后,我想退出给用户.
这就是为什么,我把identity.logout();在我的预渲染方法login.xhtml的checkPermission(…)中. 但是,当用户再次登录时,我得到了ViewExpiredException. 我的问题是 1:如果我不执行identity.logout();,则由于旧用户会话仍然存在,用户再次重新登录. AuthenticationFilter.java public class AuthenticationFilter implements Filter { ..... public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain filterChain) throws IOException,ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; HttpSession session = httpRequest.getSession(); User user = (User) session.getAttribute(Constants.LOGIN_USER); if (user == null) { session.setAttribute(Constants.MESSAGE_ID,MessageId.REQUIRED_TO_LOGIN); String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE; httpResponse.sendRedirect(loginView); } else if (!user.getRole().equals(Role.SYSTEM_ADMINISTRATOR)) { System.out.println("User Role : " + user.getRole()); session.setAttribute(Constants.MESSAGE_ID,MessageId.REQUIRED_TO_ADMIN_ROLE); String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE; httpResponse.sendRedirect(loginView); } else { filterChain.doFilter(servletRequest,servletResponse); } servletContext.log("Exiting the filter"); } public void destroy() { } } login.xhtml .... <f:event listener="#{LoginBean.checkPermission}" type="preRenderView" /> .... LoginBean.java @Scope(ScopeType.EVENT) @Name("LoginBean") public class LoginBean extends BaseBean { .... public boolean authenticate() { .... } public void checkPermission(ComponentSystemEvent event) { FacesContext context = getFacesContext(); ExternalContext extContext = context.getExternalContext(); String messageId = (String) extContext.getSessionMap().remove(Constants.MESSAGE_ID); if(messageId != null) { identity.logout(); addMessage(null,FacesMessage.SEVERITY_ERROR,messageId); } } } 解决方法
不要使用identity.logout();在prerenderview方法中.在AuthenticationFilter中,如果要锁定当前会话并创建新会话,请在传递messageID之前执行以下操作.
if(...) { session.invalidate(); session = httpRequest.getSession(true); .... } else if(...){ session.invalidate(); session = httpRequest.getSession(true); .... } (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
推荐文章
站长推荐
热点阅读