注销后的JSF寿命
[英]JSF life after logout
问题描述
I'm using form based authentication. 
我正在使用基于表单的身份验证。
I have a logout link which looks like: 我有一个注销链接,看起来像:
<h:commandLink action="#{loginBean.logout}">
<h:outputText value="logout" />
</h:commandLink></div>
And the corresponding logout method: 以及相应的注销方法:
public String logout() {
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
return "/view/index?faces-redirect=true"; // Redirect added as per BalusC's suggestion.
}
After hitting the logout link I'm returned to the front page, but seemingly without CSS. 点击注销链接后,我返回首页,但似乎没有CSS。 When I hit a button to run a search I get the following error: 当我按下按钮进行搜索时,出现以下错误:
javax.faces.application.ViewExpiredException: viewId:/view/index.jsf - View /view/index.jsf could not be restored.
And yet the CSS is actually under /resources which shouldn't require authentication as I understand my web.xml: 但是CSS实际上位于/ resources下,因为我了解我的web.xml,所以它不需要身份验证:
<security-constraint>
<web-resource-collection>
<web-resource-name>fizio</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unprotected area</web-resource-name>
<url-pattern>/resources/*</url-pattern>
</web-resource-collection>
</security-constraint>
From this state I seem to be able to login again and see some data between occasional view-could-not-be-restored errors, but no CSS. 从这种状态来看,我似乎能够再次登录并看到偶尔无法恢复的错误之间的一些数据,但是没有CSS。 It's all a bit broken really. 真的有点破。 Any suggestions would be appreciated. 任何建议,将不胜感激。
ETA: Login form: 预计到达时间:登录表单:
<form method="POST" action="j_security_check">
<label for="j_password">Username:</label> <input type="text" name="j_username" />
<br />
<label for="j_password">Password:</label> <input type="password" name="j_password" /> <input type="submit" value="Login" />
</form>
1 个解决方案
解决方案1
3 已采纳 2011-08-22 13:37:09
You need to redirect after invalidate. 无效后,您需要重定向。 Otherwise the page is been shown in midst of the "invalidated" session. 否则,页面将显示在“无效”会话的中间。 Add faces-redirect=true to the outcome to trigger the redirect. 在结果中添加faces-redirect=true以触发重定向。
public String logout() {
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
return "/index?faces-redirect=true";
}
The redirect will cause the webbrowser to fire a new GET request after the POST response and in turn cause the server to create a brand new session. 重定向将导致Web浏览器在POST响应后触发新的GET请求,进而导致服务器创建一个全新的会话。 This way the views will work as intended. 这样,视图将按预期工作。
As to the CSS resources, they apparently still need a login. 至于CSS资源,他们显然仍然需要登录。 The "Unprotected area" constraint which you have there is not going to work. 您拥有的“未保护区域”约束将无法工作。 Remove it and change the URL-pattern of your main security constraint to for example /app/* or whatever a common path of the secured area is. 删除它,然后将您的主要安全约束的URL模式更改为/app/*或任何受保护区域的公共路径。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.