“remember me” functionality with jsf 2.0

两盒软妹~` 提交于 2019-12-20 05:15:08

问题


I am trying to implement "remember me"/"autologin" functionality. I have stored a cookie at the client but when should I read it? If I try to do that in a filter, for example, I won't have access to my application-scoped beans which I use to access the db.

What are the best practices to do that?


回答1:


It depends a little on how your current login exactly works. Is it a container login followed by custom stuff (like putting some object in the session) or only custom?

In the first case you can't do an auto-login completely in JSF, since the container will kick-in whenever the uses tries to access a protected resource. In that case you still need to do the container login part in a Filter (HttpServletRequest#login).

For both the first and second case, the JSF part can be done via a global PhaseListener. In this case you could listen to a very early event, e.g. before RESTORE_VIEW. In this event handler, you can check the session for whatever object your put in there to flag your login, and if it's not there use the HttpServletRequest to check if there's a "remember me" cookie and proceed with the login if needed. When the PhaseListener is called, JSF is fully operational and you can access your application scoped managed beans.

If you only use an object in the session and don't bother doing any container login, then you can simply skip the first part.

p.s.

Another option is not to put any DB stuff in JSF managed beans, so you don't need JSF operational in order to access your DB. In a Java EE application, EJB beans are alternative candidates (and actually better suited for this job). They can be injected into your filter and used to access the DB before the JSF life-cycle starts. Next to EJB beans, CDI beans are also an option. In many ways, these are better alternatives for JSF managed beans anyway.




回答2:


Session scope will keep content for as long as a session is active, combine it with a state persistence either in DB or via a cookie.

Non of the scopes will really "remember" your state by itself, the best you can do is persist the state to the DB and when the user returns, restore it as best as possible and push the data into a sessionscoped bean.

Otherwise extend the sessionscope's session via a cookie

FacesContext.getCurrentInstance().getExternalContext.addResponseCookie(..)


来源:https://stackoverflow.com/questions/6321309/remember-me-functionality-with-jsf-2-0

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!