0
假设我没有任何的网页“密码保护”,但有时需要知道哪些用户点击一些JSF的按钮,是下面的好,或者我应该也使用HttpServletRequest.login()我可以跳过HttpServletRequest.login(),只需将会话中的authed用户?
一些托管Bean,它的手柄登录:的commandButton:
public void login(String name, String password) {
try {
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
MyUser user = userEjb.login(name, password);
request.getSession().setAttribute("user", user);
} catch {
//login failed message..
}
}
方法由H调用
public void doSomething() {
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
MyUser user = request.getSession().getAttribute("user");
//Is the user object 'safe' here?
}
谢谢。好的提示,以尽量减少投入会议的对象 – 2013-05-01 14:23:13