我在创建自定义安全过滤器时遇到问题。我打算创建一个过滤器,它将与服务器检查在URL中传递的sessionId,用于身份验证&批准我打算在代码中使用现有的JSF框架(比如会话缓存等)
对于它,我首先定义了一个应用程序范围的bean。faces-config.xml看起来像:
<托管bean渴望="true">
<托管bean名称>securityBean<托管bean名称><托管bean类>com.ecom.scarer.security.SecurityBean<托管bean类><托管bean范围>应用程序<托管bean范围>
<托管属性><属性名称>loginBD<属性名称><值>{loginBD}<值><托管属性>
<托管bean>
然后将一个名为SecurityBean的类定义为:
public class SecurityBean implements Serializable {
// attributes
private LoginBD loginBD;
public void setLoginBD(LoginBD loginBD) {
this.loginBD = loginBD;
}
public UserSession getUserSessionById(String sessionId) throws InvalidSessionException{
// get the session id
UserSession us = loginBD.getSession(sessionId);
return us;
}
}
我有一个过滤器作为:
public class SecurityFilter implements Filter{
private ServletContext servletContext;
// --------------- overridden method for Filter interface ---------------
public void init(FilterConfig filterConfig) throws ServletException {
servletContext = filterConfig.getServletContext();
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
Map<String, String[]> paramMap = request.getParameterMap();
FacesContext facesContext = getFacesContext(request, response);
// get the application bean for security
SecurityBean sb = (SecurityBean)getApplicationBean("securityBean", facesContext);
// values needed from the parameter
String[] vals = paramMap.get("accountId");
String accId = (vals != null && vals.length > 0)? vals[0] : null;
System.out.println("Account id .................. = " + accId);
String[] sessionIds = paramMap.get("sessionId");
String sessionId = (sessionIds != null && sessionIds.length > 0)? sessionIds[0] : null;
System.out.println("The session ...................... = " + sessionId);
try {
UserSession us = sb.getUserSessionById(sessionId);
} catch (InvalidSessionException e) {
System.out.println("Invalid session exception ");
e.printStackTrace();
}
chain.doFilter(request, response);
}
public void destroy() {
// do nothing
}
// --------------- for fetching the FacesContext
// You need an inner class to be able to call FacesContext.setCurrentInstance
// since it's a protected method
private abstract static class InnerFacesContext extends FacesContext {
protected static void setFacesContextAsCurrentInstance(FacesContext facesContext) {
FacesContext.setCurrentInstance(facesContext);
}
}
private FacesContext getFacesContext(ServletRequest request, ServletResponse response) {
// Try to get it first
FacesContext facesContext = FacesContext.getCurrentInstance();
if (facesContext != null) return facesContext;
FacesContextFactory contextFactory = (FacesContextFactory)FactoryFinder.getFactory(FactoryFinder.FACES_CONTEXT_FACTORY);
LifecycleFactory lifecycleFactory = (LifecycleFactory)FactoryFinder.getFactory(FactoryFinder.LIFECYCLE_FACTORY);
Lifecycle lifecycle = lifecycleFactory.getLifecycle(LifecycleFactory.DEFAULT_LIFECYCLE);
// Either set a private member servletContext = filterConfig.getServletContext();
// in you filter init() method or set it here like this:
// ServletContext servletContext = ((HttpServletRequest)request).getSession().getServletContext();
// Note that the above line would fail if you are using any other protocol than http
// Doesn't set this instance as the current instance of FacesContext.getCurrentInstance
facesContext = contextFactory.getFacesContext(servletContext, request, response, lifecycle);
// Set using our inner class
InnerFacesContext.setFacesContextAsCurrentInstance(facesContext);
// set a new viewRoot, otherwise context.getViewRoot returns null
UIViewRoot view = facesContext.getApplication().getViewHandler().createView(facesContext, "yourOwnID");
facesContext.setViewRoot(view);
return facesContext;
}
/**
*
* The method fetches the application bean for the given bean name.
* The object returned should be cast correctly to the bean
*
* @param beanName - the name of bean as described in JSF config
* @return - The bean as object. It should be cast to correct bean object before using
*/
private Object getApplicationBean(String beanName, FacesContext fContext) {
Object bean = fContext.getExternalContext().getApplicationMap().get(beanName);
return bean;
}
}
现在,当我运行这个时,我在服务器中遇到了以下问题:
SEVERE: Critical error during deployment:
com.sun.faces.mgbean.ManagedBeanCreationException: Unable to set property loginBD for managed bean securityBean
at com.sun.faces.mgbean.ManagedBeanBuilder$BakedBeanProperty.set(ManagedBeanBuilder.java:615)
at com.sun.faces.mgbean.ManagedBeanBuilder.buildBean(ManagedBeanBuilder.java:133)
at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:104)
at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:409)
at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:269)
at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:256)
at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:255)
at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:4690)
at com.sun.enterprise.web.WebModule.contextListenerStart(WebModule.java:534)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5305)
at com.sun.enterprise.web.WebModule.start(WebModule.java:500)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:917)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:901)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:755)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1980)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1630)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:100)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:286)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:461)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:240)
at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:370)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$1.execute(CommandRunnerImpl.java:355)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:370)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1067)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1200(CommandRunnerImpl.java:96)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1247)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1235)
at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:465)
at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:222)
at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:234)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:822)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1013)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
at org.springframework.web.jsf.FacesContextUtils.getRequiredWebApplicationContext(FacesContextUtils.java:83)
at org.springframework.web.jsf.el.SpringBeanFacesELResolver.getWebApplicationContext(SpringBeanFacesELResolver.java:91)
at org.springframework.web.jsf.el.SpringBeanFacesELResolver.getBeanFactory(SpringBeanFacesELResolver.java:79)
at org.springframework.beans.factory.access.el.SpringBeanELResolver.getValue(SpringBeanELResolver.java:50)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:176)
at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:203)
at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:99)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
at com.sun.faces.mgbean.BeanBuilder$Expression.evaluate(BeanBuilder.java:591)
at com.sun.faces.mgbean.ManagedBeanBuilder$BakedBeanProperty.set(ManagedBeanBuilder.java:606)
... 47 more
如何获取loginBD属性(在faces-config中定义为属性)的句柄?有没有办法手动(通过代码)注入这个属性?或者有其他方法来处理这个问题吗?
这不是在servlet过滤器中获取应用程序范围的托管bean的正确方法。您不需要手动为其创建整个FacesContext。应用程序范围的托管bean存储为servletcontext属性,托管bean名称为键。
因此,在您的doFilter()方法中,只需执行:
ServletContext context = request.getServletContext();
SecurityBean securityBean = (SecurityBean) context.getAttribute("securityBean");
// ...
至于您的具体问题,在第一次初始化JSF之前,您似乎需要这个bean。在这种情况下,当它是null时,您确实需要自己创建它。
if (securityBean == null) {
securityBean = new SecurityBean();
securityBean.setLoginBD(new LoginBD()); // Or get it from application scope?
context.setAttribute("securityBean", securityBean);
}
// ...
与具体问题无关我对这种设计方法打了很多问号。但由于具体的功能要求尚不明确,我无法提出正确的方法。至少,您似乎正在重新发明容器管理的身份验证和/或HttpSession、会话范围的托管bean、EJB等已经提供的东西。这是不对的。这是不必要的过于复杂。