Infinite loop when trying to login using Servlet Filter in JSF
Question
I am trying to create a login application using JSF and servlet filter, but when user logs in nothing happens. It redirects to login page again.
Here is the project directory:
Here is web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>javaeetutorial.guessnumber.filters.LoggedInFilter</filter-class>
</filter>
<!-- Set the login filter to secure all the pages in the /secured/* path of the application -->
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/secured/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>greeting.xhtml</welcome-file>
</welcome-file-list>
</web-app>
Here is LoggedInFilter.java
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package javaeetutorial.guessnumber.filters;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javaeetutorial.guessnumber.TestBean;
/**
*
* @author salih
*/
public class LoggedInFilter implements Filter {
FilterConfig fc;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
fc = filterConfig;
//throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Enumeration<String> t = ((HttpServletRequest) request).getSession().getAttributeNames();
while(t.hasMoreElements()) { System.out.println(t.nextElement().toString());}
TestBean loginBean = (TestBean) ((HttpServletRequest) request).getSession().getAttribute("testBean");
// For the first application request there is no loginBean in the session so user needs to log in
// For other requests loginBean is present but we need to check if user has logged in successfully
if (loginBean == null || !loginBean.isLoggedIn()) {
String contextPath = ((HttpServletRequest) request).getContextPath();
((HttpServletResponse) response).sendRedirect(contextPath + "/login.xhtml");
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
}
Here is TestBean.java
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package javaeetutorial.guessnumber;
import java.io.Serializable;
import javax.enterprise.context.SessionScoped;
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedProperty;
import javax.faces.context.FacesContext;
import javax.inject.Named;
/**
*
* @author salih
*/
@Named
@SessionScoped
public class TestBean implements Serializable {
private boolean loggedIn;
private String username;
private String password;
private NavigationBean navigationBean = new NavigationBean();
private static final String[] users = {"anna:qazwsx", "kate:123456"};
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public boolean isLoggedIn() {
return loggedIn;
}
public void setLoggedIn(boolean loggedIn) {
this.loggedIn = loggedIn;
}
public String doLogin() {
// Get every user from our sample database :)
for (String user : users) {
String dbUsername = user.split(":")[0];
String dbPassword = user.split(":")[1];
// Successful login
if (dbUsername.equals(username) && dbPassword.equals(password)) {
loggedIn = true;
return navigationBean.redirectToWelcome();
}
}
// Set login ERROR
FacesMessage msg = new FacesMessage("Login error!", "ERROR MSG");
msg.setSeverity(FacesMessage.SEVERITY_ERROR);
FacesContext.getCurrentInstance().addMessage(null, msg);
// To to login page
return navigationBean.toLogin();
}
}
Here is login.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"htth://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html">
<h:head>
<title>Login form</title>
</h:head>
<h:body>
<h3>Login here</h3>
<h:form id="login-form">
<h:outputText value="username:"/>
<h:inputText value="#{testBean.username}" id="username"/>
<br/>
<h:outputText value="password:"/>
<h:inputSecret value="#{testBean.password}" id="password"/>
<br/>
<h:commandButton id="button" value="Login" action="#{testBean.doLogin}"/>
<br/>
<h:commandLink action="#{navigationBean.redirectToInfo}" value="Info page"/>
<br/>
<h:messages />
<br/>
</h:form>
</h:body>
</html>
1 answers
solution1
1 ACCPTED 2014-01-15 13:35:10
You are mixing JSF managed beans / concepts with CDI managed beans.
First off you neglected to specify your container but I will write one answer for plain servlet container and one for a CDI enabled java application server such as TomEE / Wildfly / Glassfish.
Use @Named and @SessionScoped but make sure you have the correct @SessionScoped. javax.enterprise.context is the package name. If you use the SessionScoped from JSF the bean will be dependent scoped and that's wrong.
Now remove the filter and do a quick test with a test page. Set a field with <h:inputText /> and <h:commandButton> (both in a <h:form> ). Make sure the value is still there after F5 and thus sucessfully @SessionScoped.
If it does not work makes sure you are using CDI 1.1 or that you have beans.xml present accordingly to docs.
Lastly use
@Inject
private TestBean testBean;
Or if you have a plain container like Tomcat or Jetty you need to use Deltaspike Core and then: TestBean testBean = BeanProvider.getContextualReference(TestBean.class, false);
good luck
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.