


I found a solution on Stack Overflow for how to code a login in JSF using HttpServletRequest. First things first, the login.xhtml:

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html">
<h:body>
    <h3>Login here</h3>
    <h:form id="loginForm">
        <h:outputLabel for="username" value="Username:" />
        <h:inputText value="#{loginService.userName}" id="username" required="true" />
        <h:outputLabel for="password" value="Password:" />
        <h:inputSecret value="#{loginService.password}" id="password" required="true" />
        <h:commandButton id="button" value="Login" action="#{loginService.doLogin}" />
        <h:commandLink action="#{navigationService.redirectToIndex}" value="Home" />
        <h:messages />
    </h:form>
</h:body>
</html>


The loginService:

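import java.io.IOException;
import java.io.Serializable;
import javax.annotation.PostConstruct;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

// The bean registration and the declaration of the dao field are not shown in the post.
public class LoginService implements Serializable {

    private String userName = "";
    private String password = "";
    private NavigationService navigationService = null;
    private String originalURL = "";

    // Remember the URL the container forwarded from, so the user can return to it after login.
    @PostConstruct
    public void init() {
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();

        this.originalURL = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_REQUEST_URI);

        if (this.originalURL == null) {
            // Login page was opened directly: fall back to the index page.
            this.originalURL = externalContext.getRequestContextPath() + navigationService.toIndex();
        } else {
            String originalQuery = (String) externalContext.getRequestMap().get(RequestDispatcher.FORWARD_QUERY_STRING);

            if (originalQuery != null) {
                this.originalURL += "?" + originalQuery;
            }
        }
    }

    /**
     * @throws IOException
     */
    public void doLogin() throws IOException {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext externalContext = context.getExternalContext();
        HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();

        try {
            // Container-managed authentication against the configured realm.
            request.login(this.userName, this.password);

            User user = dao.findUserByUserName(userName);

            externalContext.getSessionMap().put("user", user);
            // Send the user back to the page that triggered the login.
            externalContext.redirect(this.originalURL);
        } catch (ServletException e) {
            context.addMessage(null, new FacesMessage("Unknown login"));
        } catch (NoSuchUserException e) {
            context.addMessage(null, new FacesMessage(e.getMessage()));
        }
    }

    /**
     * @throws IOException
     */
    public void doLogout() throws IOException {
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();

        // End the session so the "user" attribute and the login do not survive logout.
        externalContext.invalidateSession();
        externalContext.redirect(externalContext.getRequestContextPath() + navigationService.toLogin());
    }

    // Getters and Setters
}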


The only thing I still need to know now is:

Where can I define for which pages login is needed?


A suggested solution is: put all the pages requiring logging in under one place (a folder, e.g. "private_section"), and put the pages that don't need it (public access) anywhere in the project context except under the folder "private_section". Then you can use a simple filter to control access to the private region (our folder), and through this pattern (first annotation) you can specify the region to be controlled:

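import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter("/private_section/*") // URL pattern of the protected region
public class LoggingFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        UserBean user = (UserBean) req.getSession().getAttribute("user");
        if (user != null && user.isLoggedIn()) {
            chain.doFilter(request, response); // logged in: let the request through
        } else {
            res.sendRedirect(req.getContextPath() + "/index.xhtml");
        }
    }

    // other overridden methods
}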


08-24 13:30
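A variant of the filter in the answer, written to work with the `request.login()` call and the `init()` method from the question; it is an added example, not code from the question or the answer. It forwards to the login page instead of redirecting, because a forward is what sets `RequestDispatcher.FORWARD_REQUEST_URI`, and it checks the container's authenticated user as well as the `"user"` session attribute. Assumptions: the class name `PrivateSectionFilter`, `login.xhtml` sitting at the context root, and the FacesServlet being mapped to `*.xhtml`.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example; the class name and the LOGIN_PAGE location are assumptions.
@WebFilter("/private_section/*")
public class PrivateSectionFilter implements Filter {

    private static final String LOGIN_PAGE = "/login.xhtml"; // assumed to sit at the context root

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false): anonymous requests must not allocate a session.
        HttpSession session = req.getSession(false);
        boolean hasUser = session != null && session.getAttribute("user") != null;

        // After request.login() succeeds, the container reports the user here.
        boolean authenticated = req.getRemoteUser() != null && hasUser;

        if (authenticated) {
            // Keep protected pages out of browser and proxy caches, so they are
            // not redisplayed from cache after logout.
            res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            res.setHeader("Pragma", "no-cache");
            res.setDateHeader("Expires", 0);
            chain.doFilter(request, response);
        } else {
            // forward() (not a redirect) sets RequestDispatcher.FORWARD_REQUEST_URI,
            // which LoginService.init() reads to return the user after login.
            req.getRequestDispatcher(LOGIN_PAGE).forward(req, res);
        }
    }

    @Override
    public void destroy() { }
}
```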