在我的AuthenticationFilter重定向到登录页面后,我想退出给用户.
这就是为什么,我把identity.logout();在我的预渲染方法login.xhtml的checkPermission(…)中.
但是,当用户再次登录时,我得到了ViewExpiredException.
我的问题是
1:如果我不执行identity.logout();,则由于旧用户会话仍然存在,用户再次重新登录.
2:如果我执行identity.logout();,我会收到ViewExpiredException.
AuthenticationFilter.java
public class AuthenticationFilter implements Filter {
.....
public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain filterChain) throws IOException,servletexception {
HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
HttpSession session = httpRequest.getSession();
User user = (User) session.getAttribute(Constants.LOGIN_USER);
if (user == null) {
session.setAttribute(Constants.MESSAGE_ID,MessageId.required_TO_LOGIN);
String loginView = httpRequest.getcontextpath() + Constants.LOGIN_PAGE;
httpResponse.sendRedirect(loginView);
} else if (!user.getRole().equals(Role.SYstem_ADMINISTRATOR)) {
System.out.println("User Role : " + user.getRole());
session.setAttribute(Constants.MESSAGE_ID,MessageId.required_TO_ADMIN_ROLE);
String loginView = httpRequest.getcontextpath() + Constants.LOGIN_PAGE;
httpResponse.sendRedirect(loginView);
} else {
filterChain.doFilter(servletRequest,servletResponse);
}
servletContext.log("Exiting the filter");
}
public void destroy() {
}
}
login.xhtml
....
<f:event listener="#{LoginBean.checkPermission}" type="preRenderView" />
....
LoginBean.java
@Scope(ScopeType.EVENT) @Name("LoginBean") public class LoginBean extends BaseBean { .... public boolean authenticate() { .... } public void checkPermission(ComponentSystemEvent event) { FacesContext context = getFacesContext(); ExternalContext extContext = context.getExternalContext(); String messageId = (String) extContext.getSessionMap().remove(Constants.MESSAGE_ID); if(messageId != null) { identity.logout(); addMessage(null,FacesMessage.SEVERITY_ERROR,messageId); } } }
解决方法
原文地址:https://www.jb51.cc/java/130139.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
