在Glassfish上进行领域身份验证后重定向 [英] Redirect after Realm authentication on Glassfish
问题描述
我目前正在Glassfish上运行JPA/EJB/JSF应用程序,并使用安全性JDBC领域进行身份验证.该领域可以很好地满足需求,直到客户要求对导航进行小的更改.
I'm currently running a JPA/EJB/JSF application on Glassfish and using the security JDBC realm for authentication. The realm works pretty well, fulfilling the requirements, until the customer asked for a small change on the navigation.
今天,如果您尝试访问受保护的页面,那么身份验证机制会将您重定向到web.xml中指定的登录页面.完美的!身份验证成功后,您将被重定向回您尝试访问的页面.很公平.但是,客户决定在每次成功验证之后,无论用户之前尝试访问哪个页面,都应将用户重定向到主页.问题是,如何在每次成功身份验证后更改领域以重定向到固定页面?
Today, if you try to access a protected page, the authentication mechanism will redirect you to a login page specified in the web.xml. Perfect! Once the authentication is successful, you are redirected back to the page you were trying to access. Fair enough. However, the customer decided that after every successful authentication, the user should be redirected to the home page instead, no matter which page he/she was trying to access before. The question is, how can we change the realm in order to be redirected to a fixed page after every successful authentication?
推荐答案
您不能.容器管理的身份验证不允许进行细粒度的配置(这就是为什么第三方身份验证框架(如 Apache Shiro 和 Spring Security 存在).
You can't. The container managed authentication doesn't allow that fine grained configuration (which is exactly why 3rd party authentication frameworks like Apache Shiro and Spring Security exist).
您最好的选择是用,该<h:form>会提交给这样的JSF操作方法
Your best bet is to replace the container managed login by a programmatic login. Change the <form action="j_security_check"> by a <h:form> which submits to a JSF action method like this
public void login() throws IOException {
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext externalContext = context.getExternalContext();
HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
try {
request.login(username, password);
externalContext.redirect(homepageURL);
} catch (ServletException e) {
context.addMessage(null, new FacesMessage("Unknown login"));
}
}
另请参见:
- 执行使用j_security_check 在Java EE/JSF中进行用户身份验证
- Performing user authentication in Java EE / JSF using j_security_check
See also:
这篇关于在Glassfish上进行领域身份验证后重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
