使用Java EE Form身份验证登录后访问用户详细信息 [英] Accessing user details after logging in with Java EE Form authentication

问题描述

我已经实现了Java EE安全领域，如果用户尝试访问受保护资源，则会将用户重定向到login.jsp。

I have implemented a Java EE security realm that redirects users to login.jsp if they try and access a protected resource.

• 假设用户想要访问受保护的网址 - http：// mywebapp / shopping_cart 映射到ShoppingCartServlet


• 因为他们没有登录Glassfish将他们导向login.jsp


• 他们然后输入他们的用户名和密码然后单击登录，信息将发布到 http：// mywebapp / j_security_check


• 如果他们输入了正确的详细信息，那么他们就是重定向到处理URL的servlet http：// mywebapp / shopping_cart

• Say a user wants to go to a protected url - http://mywebapp/shopping_cart which is mapped to ShoppingCartServlet
• As they are not logged in Glassfish directs them to login.jsp
• They then enter their username and password and click Login and the information gets POSTed to http://mywebapp/j_security_check
• If they have entered the correct details they are then redirected to the servlet that handles the url http://mywebapp/shopping_cart

现在我想从数据库中提取用户的详细信息，但是如果重定向请求中没有参数，我该怎么办？

Now I want to pull the user's details from the database but how can I when there are no parameters in the redirect request?

他们的用户名被发送到 http：// mywebapp / j_security_check 但重定向请求中没有j_security_check对 http：// mywebapp / shopping_cart 进行的参数。那么登录后用什么方法来访问用户的详细信息？

Their username was sent to http://mywebapp/j_security_check but there are no parameters in the redirect request that j_security_check makes to http://mywebapp/shopping_cart. So what method is used to access the user's details once they log in?

推荐答案

创建filter ，用于检查用户是否已登录，而数据库中没有关联的用户对象在会议中。然后，只需加载该数据并进入会话。

Create a filter which checks if the user is logged in while no associated User object from the database is present in the session. Then, just load that data and put in session.

基本上，

@WebFilter("/*")
public class UserFilter implements Filter {

    @EJB
    private UserService service;

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String remoteUser = request.getRemoteUser();

        if (remoteUser != null) {
            HttpSession session = request.getSession();

            if (session.getAttribute("user") == null) {
                User user = service.find(remoteUser);
                session.setAttribute("user", user);
            }
        }

        chain.doFilter(req, res);
    }

    // ...
}

这篇关于使用Java EE Form身份验证登录后访问用户详细信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！