مشكة فى عمل Filter على ال Admin Page

[shokry3 0]

السلام عليكم

اكنت اريد حلا لهذه المشكلة

وهى بتوضيح انى اعمل invalidate لل session عند الضغط على log out link ولكن عند الضغط على back فى ال browser أعود الى هذه الصفحة مرة اخرى

مع العلم انى قمت بعمل filter  على هذه الصفحة لمنع الدخول اليها الا بعد عمل log in اولا

 

هذه هى صفحة ال     adminTamplate.xhtm

<?xml version='1.0' encoding='UTF-8' ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"xmlns:h="http://java.sun.com/jsf/html"xmlns:p="http://primefaces.org/ui"xmlns:f="http://java.sun.com/jsf/core"xmlns:ui="http://java.sun.com/jsf/facelets"><h:head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link href="./resources/css/default.css" rel="stylesheet" type="text/css" /><link href="./resources/css/cssLayout.css" rel="stylesheet" type="text/css" /><title>Welcome</title></h:head><h:body style="background: url('./resources/images/back.jpg') no-repeat center center fixed; width: 100%; height: 100%"><div id="top" ><h:graphicImage value="./resources/images/univ1.jpg" width="850" height="200"/></div><div id="content" class="center_content" style="background-color: white;"><div class="header"><h:graphicImage value="./resources/images/univ.jpg" width="700" height="50"/></div><p:toolbar styleClass="tabHeader"><p:toolbarGroup styleClass="width_100" align="left"><h:form styleClass="width_100"><p:commandButton id="adminUniversityId" action="adminUniversity.xhtml" value="University" ajax="false" styleClass='#{facesContext.getViewRoot().getViewId().equals("/adminUniversity.xhtml")?"tab homeTabSelected":"tab homeTab"}'/><p:commandButton id="adminTopicsId" action="adminTopics.xhtml" value="Admins" ajax="false" styleClass='#{facesContext.getViewRoot().getViewId().equals("/adminTopics.xhtml")?"tab homeTabSelected":"tab homeTab"}'/><p:commandButton id="adminRegisterId" action="adminRegister.xhtml" value="Register" ajax="false" styleClass='#{facesContext.getViewRoot().getViewId().equals("/adminRegister.xhtml")?"tab homeTabSelected":"tab homeTab"}'/><p:commandButton id="adminReportsId" action="adminReports.xhtml" value="Reports" ajax="false" styleClass='#{facesContext.getViewRoot().getViewId().equals("/adminReports.xhtml")?"tab homeTabSelected":"tab homeTab"}'/></h:form></p:toolbarGroup><p:toolbarGroup styleClass="width_100" align="right"><p:commandLink value="Welcome: #{facesContext.externalContext.sessionMap['userName']}   |   sign out" action="#{userlogin.logout()}" styleClass="signOut">sign out</p:commandLink></p:toolbarGroup></p:toolbar><ui:insert name="content"><ui:include src="/superAdmin.xhtml"/></ui:insert></div><div id="bottom" ><center><hr> </hr><br/><font size="3" style="font-weight: bold; color:#DA70D6">(c) Copyright ITShop 2013. All rights reserved.</font></center></div></h:body></html>

وهذ هو كود ال log in and log out

//login and logout method...........public String login() {try {Connection con = Database.getConnection();Statement stam = con.createStatement();ResultSet rs = stam.executeQuery("select * from users where username ='" + username + "'");while (rs.next()) {user.setName(rs.getString("name"));user.setUserName(rs.getString("username"));user.setPassword(rs.getString("password"));user.setAge(rs.getString("age"));user.setUniversityId(rs.getInt("universityId"));user.setFacultyId(rs.getInt("facultyId"));user.setRole(Role.valueOf(rs.getString("role")));user.setUserClass(rs.getInt("class"));name = user.getName();age = user.getAge();setUser(user);}if (user != null & (user.getPassword() == null ? password == null : user.getPassword().equals(password))) {error = null;ExternalContext external = FacesContext.getCurrentInstance().getExternalContext();Map<String, Object> session = external.getSessionMap();session.put("fullName", user.getName());session.put("userName", username);session.put("userAge", user.getAge());session.put("userClass", user.getUserClass());session.put("userRole", user.getRole());session.put("userFaculty", getFacultyName(user.getFacultyId()));session.put("userFacultyId", user.getFacultyId());if (user.isUser()) {return "/index.xhtml";} else {//return "/superAdmin.xhtml";return "/adminTemplate.xhtml";}}} catch (Exception e) {System.out.println("Error In Userlogin.Login() -->" + e.getMessage());}error = "invalid username or password";return "/login.xhtml";}// logout method...........public String logout() {FacesContext.getCurrentInstance().getExternalContext().invalidateSession();return "login.xhtml?faces-redirect=true";} 

وهذه هى ال filter class

AdminFilter.java

/** To change this template, choose Tools | Templates* and open the template in the editor.*/package filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/**** @author shokry*/public class AdminFilter implements Filter {@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;String userRole = req.getSession(true).getAttribute("userRole").toString();if (!"SUPER".equals(userRole) || userRole==null) {HttpServletResponse res = (HttpServletResponse) response;res.sendRedirect(req.getContextPath() + "/login.xhtml");return;}chain.doFilter(request, response);}@Overridepublic void destroy() {}} 

وهذا هو ال filter tag فى ال web.xml

<filter><filter-name>AdminFilter</filter-name><filter-class>filter.AdminFilter</filter-class></filter><filter-mapping><filter-name>AdminFilter</filter-name><url-pattern>/adminTemplate.xhtml</url-pattern><url-pattern>/adminUniversity.xhtml</url-pattern><url-pattern>/adminTopics.xhtml</url-pattern><url-pattern>/adminRegister.xhtml</url-pattern><url-pattern>/adminReports.xhtml</url-pattern></filter-mapping><error-page><exception-type>javax.faces.application.ViewExpiredException</exception-type><location>/login.xhtml</location></error-page>

شكرا وارجو الافادة السريعة

[Mr.B 667]

عند عمل عودة فقد لايعيد المتصفح تحميل الصفحة من جديد، جرّب أن تعمل تحديث للصفحة وانظر هل خرج المستخدم أم لا. لتجاوز مثل هذه المشكلة هي أن تعيد تحويل المستخدم لصفحة أخرى كالصفحة الرئيسية أو الصفحة الحالية مثل /logout?return=/blog/323/ ، إن كانت صفحة تتطلب تسجيل دخول فسيعاد تحويله لصفحة الدخول.