![](/img/trans.png)
[英]Tomcat and Jaas authentication servlet in a form-based security constraint
[英]PrimeFaces Mobile 5.2 and form-based JAAS login not working together
我有一個帶有PrimeFaces 5.2的JSF 2.2應用程序和基於表單的登錄,以及一個使用Wildfly 8.2和PostgreSQL的JBoss安全領域。
這工作正常,完全符合預期。 現在的問題是將上述設置與PrimeFaces Mobile一起使用 。 輸入用戶名和密碼並單擊“登錄”按鈕后,什么都沒有發生,因為我再次被重定向到登錄視圖,並被重定向到原始請求的頁面或錯誤頁面。
讓我們從我的移動登錄表單開始:
<ui:define name="content">
<pm:content styleClass="content">
<h:form id="loginForm" method="POST" prependId="false"
onsubmit="document.getElementById('loginForm').action = 'j_security_check';">
<p:focus for="j_username"/>
<pm:field>
<p:outputLabel value="Benutzername"></p:outputLabel>
<h:inputText id="j_username" name="j_username" required="true" />
</pm:field>
<pm:field>
<p:outputLabel value="Passwort"></p:outputLabel>
<p:password id="j_password" name="j_password" redisplay="false" required="true" />
</pm:field>
<pm:field>
<p:commandButton id="login" value="Login" ajax="false" />
</pm:field>
</h:form>
</pm:content>
</ui:define>
如前所述,表單定義適用於非移動版本,對於移動版本,我剛剛添加了標簽pm_content
和pm:field
。
在Chrome中檢查生成的DOM時,我可以看到頁面的呈現的移動版本與非移動版本的表單和輸入元素具有不同的ID,並且缺少onsubmit
:
<form id="j_idt6:loginForm" name="j_idt6:loginForm" method="post" action="/MyApp/login.xhtml" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="j_idt6:loginForm" value="j_idt6:loginForm">
<span id="j_idt6:j_idt32"></span><script type="text/javascript">$(function(){PrimeFaces.focus('j_idt6:username');});</script><div class="ui-field-contain"><label id="j_idt6:j_idt16" class="ui-outputlabel ui-widget">Benutzername</label><div class="ui-input-text ui-body-inherit ui-corner-all ui-shadow-inset"><input id="j_idt6:username" type="text" name="j_idt6:username"></div></div><div class="ui-field-contain"><label id="j_idt6:j_idt18" class="ui-outputlabel ui-widget">Passwort</label><div id="j_idt6:password" class="ui-input-text ui-body-inherit ui-corner-all ui-shadow-inset ui-input-has-clear"><input data-role="none" id="j_idt6:password" name="j_idt6:password" type="password"><a href="#" class="ui-input-clear ui-btn ui-icon-delete ui-btn-icon-notext ui-corner-all ui-input-clear-hidden"></a></div></div><div class="ui-field-contain"><button id="j_idt6:login" name="j_idt6:login" class="ui-btn ui-shadow ui-corner-all" onclick="" type="submit">Login</button></div><input type="hidden" name="javax.faces.ViewState" id="j_id1:javax.faces.ViewState:0" value="-5673897088131963149:-3654042330506594383" autocomplete="off">
</form>
現在,從非移動登錄生成的輸出:
<form id="loginForm" name="loginForm" method="post" action="/MyApp/login.xhtml" enctype="application/x-www-form-urlencoded" onsubmit="document.getElementById('loginForm').action = 'j_security_check';">
<input type="hidden" name="loginForm" value="loginForm">
<span id="j_idt11"></span><script type="text/javascript">$(function(){PrimeFaces.focus('j_username');});</script><input id="j_username" type="text" name="j_username"><input id="j_password" type="password" name="j_password" value=""><input id="login" type="submit" name="login" value="Login"><input type="hidden" name="javax.faces.ViewState" id="j_id1:javax.faces.ViewState:0" value="5464337132357101375:3961658655950415709" autocomplete="off">
</form>
如果我做對了,那么在移動版本中添加ID似乎有問題。
如何解決此問題,並在PrimeFaces Mobile 5.2中實現對j_security_check
的POST?
我可以使用@BalusC的提示來修改一個可行的解決方案,以便現在我的表單如下所示:
<ui:define name="content">
<pm:content styleClass="content">
<h:form>
<pm:field>
<h:outputLabel for="username" value="Username" />
<h:inputText id="username" value="#{authenticationBean.username}"
required="true" />
<h:message for="username" />
</pm:field>
<pm:field>
<h:outputLabel for="password" value="Password" />
<h:inputSecret id="password" value="#{authenticationBean.password}"
required="true" />
<h:message for="password" />
</pm:field>
<pm:field>
<h:commandButton value="Login" action="#{authenticationBean.login()}" />
</pm:field>
</h:form>
</pm:content>
</ui:define>
現在,登錄方式是在@ViewScoped
托管Bean AuthenticationBean中的登錄方法內的編程方式:
public void login() {
log.info("Login attempt");
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext externalContext = context.getExternalContext();
HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
try {
request.login(username, password);
log.info("Login successful");
externalContext.redirect(originalURL);
} catch (ServletException e) {
// Handle unknown username/password in request.login().
context.addMessage(null, new FacesMessage("Unknown login"));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.