注销后的JSF生活 | 注销后的JSF生活

本文介绍了注销后的JSF生活的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在使用基于表单的身份验证。

I'm using form based authentication.

我有一个注销链接，如下所示：

I have a logout link which looks like:

<h:commandLink action="#{loginBean.logout}">
    <h:outputText value="logout" />
</h:commandLink></div>

以及相应的退出方法：

public String logout() {
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

    return "/view/index?faces-redirect=true"; // Redirect added as per BalusC's suggestion.
}

点击退出链接后我回到首页，但看似没有CSS。当我点击按钮运行搜索时，我收到以下错误：

After hitting the logout link I'm returned to the front page, but seemingly without CSS. When I hit a button to run a search I get the following error:

javax.faces.application.ViewExpiredException: viewId:/view/index.jsf - View /view/index.jsf could not be restored.

然而，CSS实际上在/资源之下，不应该要求身份验证，因为我理解我的网络。 xml：

And yet the CSS is actually under /resources which shouldn't require authentication as I understand my web.xml:

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>fizio</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Unprotected area</web-resource-name>
        <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
</security-constraint>

从这个状态我似乎能够再次登录并看到一些偶尔视图无法恢复的错误之间的数据，但没有CSS。它真的有点破碎了。任何建议将不胜感激。

From this state I seem to be able to login again and see some data between occasional view-could-not-be-restored errors, but no CSS. It's all a bit broken really. Any suggestions would be appreciated.

ETA：登录表格：

<form method="POST" action="j_security_check">
    <label for="j_password">Username:</label> <input type="text" name="j_username" />
    <br />
    <label for="j_password">Password:</label> <input type="password" name="j_password" /> <input type="submit" value="Login" />
</form>

推荐答案

您需要在无效后重定向。否则页面将显示在无效会话中。将 faces-redirect = true 添加到结果以触发重定向。

You need to redirect after invalidate. Otherwise the page is been shown in midst of the "invalidated" session. Add faces-redirect=true to the outcome to trigger the redirect.

public String logout() {
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    return "/index?faces-redirect=true";
}

重定向将导致webbrowser在POST响应后触发新的GET请求并反过来使服务器创建一个全新的会话。通过这种方式，视图将按预期工作。

The redirect will cause the webbrowser to fire a new GET request after the POST response and in turn cause the server to create a brand new session. This way the views will work as intended.

对于CSS资源，他们显然仍需要登录。你在那里的无保护区域约束不起作用。删除它并将主安全约束的URL模式更改为例如 / app / * 或安全区域的常见路径。

As to the CSS resources, they apparently still need a login. The "Unprotected area" constraint which you have there is not going to work. Remove it and change the URL-pattern of your main security constraint to for example /app/* or whatever a common path of the secured area is.

这篇关于注销后的JSF生活的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！