堆栈内存溢出
  简体   繁体   English

如何从过滤器读取JSF会话bean?

[英]How could I read a JSF session bean from a filter?

 原文  2012-06-11 18:25:45       security/ jsf/ resources/ servlet-filters/ cdi

问题描述

I'm searching but I can't find the answer, I need secure resources based on permissions, I can't use a filter because FacesContext is not initialized before and I need load the permissions in my session bean. 我正在搜索,但找不到答案,我需要基于权限的安全资源,我无法使用过滤器,因为FacesContext之前未初始化,因此我需要在会话bean中加载权限。 Some solution avoiding use a filter? 一些避免使用过滤器的解决方案? PhaseListener, ViewHandler and ResourceHandler can't capture an URL resource request, for example I need denied this direct access: http://127.0.0.1:8080/test/resources/images/image.jpg PhaseListener,ViewHandler和ResourceHandler无法捕获URL资源请求,例如,我需要拒绝此直接访问: http://127.0.0.1:8080/test/resources/images/image.jpg : http://127.0.0.1:8080/test/resources/images/image.jpg : http://127.0.0.1:8080/test/resources/images/image.jpg test/resources/images/ http://127.0.0.1:8080/test/resources/images/image.jpg

Thx in advance... 提前谢谢...

1 个解决方案

解决方案1
 1 已采纳  2012-06-11 18:49:56

JSF stores session scoped managed beans as an attribute of the HttpSession , which in turn is just available in a Filter by HttpServletRequest#getSession() . JSF将会话范围内的受管bean作为HttpSession的属性存储,而HttpServletRequest#getSession()可以在Filter使用该属性。 

HttpSession session = ((HttpServletRequest) request).getSession();
SessionBean sessionBean = session.getAttribute("sessionBean");
// ...

Update : as per the comment you seem to be actually using CDI: 更新 :根据您似乎实际上在使用CDI的注释:

my filter is triggered before than JSF, I always get a null value when I use getAttribute. 我的过滤器比JSF之前触发,当我使用getAttribute时总是得到一个空值。 I'm using CDI with 'Named' and 'SessionScoped' annotations on my Bean because I need use a interceptor to implement security 我在Bean上使用带有“命名”和“ SessionScoped”注释的CDI,因为我需要使用拦截器来实现安全性

I understood that you were using JSF's own @ManagedBean and the initial answer only applies to that. 我知道您使用的是JSF自己的@ManagedBean ,最初的答案仅适用@ManagedBean If your bean is already managed by CDI's @Named , then just use CDI's own @Inject the usual way in the Filter . 如果您的bean已经由CDI的@Named管理,那么只需在Filter以通常的方式使用CDI自己的@Inject 

@Inject
private SessionBean sessionBean;

In case of JSF @ManagedBean you should just add a if (sessionBean != null) check. 如果是JSF @ManagedBean ,则应仅添加if (sessionBean != null)检查。 It's irrelevant whether the filter is invoked before JSF servlet or not. 是否在JSF servlet之前调用过滤器是无关紧要的。 Once the session bean has been created by JSF, it won't be null in the filter. JSF创建了会话bean之后,它在过滤器中就不会为null

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 JSF 安全性:bean 方法可访问性 - JSF Security: bean method accessibilty jsf 2.0过滤器替代 - jsf 2.0 filter alternative 从会话或数据库中读取用户权限 - read user permission from session or database 如何在JSF中执行安全性? - How do I do security in JSF? JSF - 为受限制的页面实现过滤器 - JSF - implementing filter for restricted pages 如何从MySQL数据库渲染PHP代码? - How I could Render PHP code from MySQL database? 如何保护我的用户免受会话劫持? - How can I protect my users from session hijacking? 如何从 session cookie 使用 SameSite 的跨站点请求中恢复 session? - How can I restore a session from a Cross-Site Request where the session cookie uses SameSite? 如何在 JSF/Richfaces 上设置 HttpOnly 标志 - How do I set the HttpOnly flag on JSF/Richfaces 前端框架JSF中的Bean验证是否被视为服务器端验证? - Is Bean Validation in frontend framework JSF considered server side validation?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM