Jetty UserRealm redirect on 3rd failed login


Problem description

If I have a custom Jetty UserRealm implementation and it's configured for basic authentication (with SSL), is there any way to get it to go to a specific page after the 3rd failed login?

Well really I just want to display some contact information to the user if they cannot log in after 3 attempts.

Alternatively is it possible to display the exception which I throw from the

public Principal authenticate(final String username, final Object credentials, final Request request) 

method when it's configured as basic authentication?

Thanks Neil

Solution

The BasicAuthenticator is responsible for sending the 403 response when there are no valid credentials in the request.

Looking at the Jetty 6 source, your best bet is probably to subclass the BasicAuthenticator and override public void sendChallenge(UserRealm realm,Response response):

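import java.io.IOException;

import org.mortbay.jetty.Response;
import org.mortbay.jetty.security.BasicAuthenticator;
import org.mortbay.jetty.security.UserRealm;

public class MyAuthenticator extends BasicAuthenticator {
    @Override
    public void sendChallenge(UserRealm realm, Response response) throws IOException {
        int numberOfAttempts = getNumberOfAuthenticationAttempts();

        if (numberOfAttempts > 3) {
            // Too many failures: show contact details instead of another challenge.
            sendContactDetails(realm, response);
        } else {
            // Default behaviour: send the Basic authentication challenge.
            super.sendChallenge(realm, response);
        }
    }

    // How attempts are counted is left open in the answer.
    protected int getNumberOfAuthenticationAttempts() { ... }
    // Signature matches the call above (realm, response).
    protected void sendContactDetails(UserRealm realm, Response response) { ... }
}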

Obviously the problem doing this is that you don't have access to the HttpServletRequest which may make tracking request attempts more difficult. You could probably gain access to this via HttpConnection.getCurrentConnection(). Otherwise the code for BasicAuthenticator doesn't lend itself to extension without a blob of copy/paste, but that may be OK in your case.

I'm ignoring the issue of how you track the number of requests that have been made in the same authentication attempt; that's going to be dependent upon how your clients are connecting.

Alternatively you can set the ErrorHandler on the context, which is used when HttpResponse.sendError is called, which will be the case when you throw an exception in your realm.

I'd probably opt to use the first method as it more clearly separates responsibilities.
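
One way to do the attempt counting that the answer leaves open, as an added example (not from the original answer and not Jetty code): `FailedLoginTracker` and its method names are hypothetical, and it assumes Java 8 or later and a caller-supplied key such as username plus client address.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical helper (not a Jetty class): counts failed logins per key inside a time window. */
public class FailedLoginTracker {
    private static final class Entry {
        final long windowStart;
        final int failures;
        Entry(long windowStart, int failures) { this.windowStart = windowStart; this.failures = failures; }
    }

    private final ConcurrentMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final int threshold;
    private final long windowMillis;

    public FailedLoginTracker(int threshold, long windowMillis) {
        this.threshold = threshold;
        this.windowMillis = windowMillis;
    }

    /** Records one failure atomically and returns the count inside the current window. */
    public int recordFailure(String key, long nowMillis) {
        return entries.merge(key, new Entry(nowMillis, 1), (old, fresh) ->
                nowMillis - old.windowStart > windowMillis
                        ? fresh                                         // window expired: start over
                        : new Entry(old.windowStart, old.failures + 1)).failures;
    }

    /** Call after a successful login so earlier failures no longer count. */
    public void reset(String key) { entries.remove(key); }

    /** True once the key has reached the threshold inside the window. */
    public boolean thresholdReached(String key, long nowMillis) {
        Entry e = entries.get(key);
        return e != null && nowMillis - e.windowStart <= windowMillis && e.failures >= threshold;
    }

    public static void main(String[] args) {
        FailedLoginTracker tracker = new FailedLoginTracker(3, 15 * 60 * 1000L);
        String key = "neil|192.0.2.10";        // constructed sample: username plus client address
        long t = 0L;
        for (int i = 1; i <= 3; i++) {
            int n = tracker.recordFailure(key, t += 1000L);
            System.out.println("failure " + n + " -> contact page: " + tracker.thresholdReached(key, t));
        }
        tracker.reset(key);                     // successful login clears the counter
        System.out.println("after reset: " + tracker.thresholdReached(key, t));
    }
}
```

Because unauthenticated requests create entries, a deployed version should also evict expired keys so the map cannot grow without bound.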
