Java:拦截所有请求，然后再进行登录身份验证 [英] Java : Intercept all requests before they go to login authentication

问题描述

我想先在过滤器中拦截所有请求.我也有适用于所有请求的登录身份验证，即过滤器和登录身份验证都配置为拦截所有请求.

I want to intercept ALL the requests in a filter first. I also have a login authentication which is applied to ALL the requests i.e. both the filter and login authentication are configured to intercept ALL the requests.

但是，当发出任何请求时，首先会被尝试呈现登录页面的登录身份验证拦截.我希望请求首先被过滤器拦截，然后再被登录身份验证拦截.

However, when any request is made, it is first intercepted by login authentication which tries to render login page. I would like the request to be intercepted by the filter first and then by the login authentication.

以下为相关代码.

web.xml

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>Tango</display-name>

    <filter>
        <filter-name>SalsaValidationFilter</filter-name>
        <filter-class>net.semandex.salsa.validationFilters.SalsaValidationFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>SalsaValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <!-- <servlet-name>SalsaValidationServlet</servlet-name> -->
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

    <session-config>
        <session-timeout>20</session-timeout>
    </session-config>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Login page images</web-resource-name>
            <url-pattern>/images/salsadb-logo2.png</url-pattern>
            <url-pattern>/images/salsa-icon.png</url-pattern>
            <url-pattern>/images/shadow_box.png</url-pattern>
            <url-pattern>/images/header.png</url-pattern>
            <url-pattern>/images/bg.png</url-pattern>
            <url-pattern>/css/splash.css</url-pattern>
            <url-pattern>/WEB-INF/licenseValidation.html</url-pattern>
            <url-pattern>/auth/licenseValidation.html</url-pattern>
        </web-resource-collection>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>The entire webapp</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SalsaUser</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>SalsaUser</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/auth/login.jsp</form-login-page>
          <form-error-page>/auth/loginError.jsp</form-error-page>
        </form-login-config>

        <realm-name>mongo_login</realm-name>
    </login-config>
</web-app>

更多详细信息: 这就是发生的事件的流程.假设提出了对首页的请求，它首先由登录身份验证处理，该身份验证尝试呈现登录页面.登录页面上有一些图像和CSS.因此，要求这些图像.这些请求被过滤器拦截.

Some more details: This is the flow of events that happen. Let's say request for home page is made, it is first handled by login authentication which tries to render the login page. Login page has some images and css. Hence requests are made for these images. These requests are intercepted by the filter.

过滤器

public class SalsaValidationFilter implements Filter {

    private ServletContext context;

    public void init(FilterConfig fConfig) throws ServletException {
        this.context = fConfig.getServletContext();
        this.context.log("SalsaValidationFilter initialized");
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        String uri = req.getRequestURI();
        this.context.log("Requested Resource::"+uri);

        HttpSession session = req.getSession(false);

        boolean licenseValid = false;
        if( !licenseValid && !uri.endsWith("licenseValidation.html") ){
            this.context.log("NO valid license was found");
            // pass the request along the filter chain
            res.sendRedirect( req.getContextPath() +  "/auth/licenseValidation.html");
            return;
        }
        //else{
            chain.doFilter(req, res);
        //}
    }

    public void destroy() {
        //close any resources here
    }

}

有什么主意可以确保过滤器首先拦截请求吗?

Any idea how I can ensure that filter intercepts the requests first?

推荐答案

有什么主意可以确保过滤器首先拦截请求吗?

Any idea how I can ensure that filter intercepts the requests first?

您需要安装一种称为ServerAuthModule的特殊过滤器，也称为SAM.

You need to install a special kind of filter called a ServerAuthModule, also known as a SAM.

这个特殊的过滤器来自Java EE的JASPIC规范，在调用任何其他过滤器或servlet之前被调用，它是您应在Java EE中执行与安全性相关的工作的专用位置.

This special filter comes from Java EE's JASPIC spec and is called before any other filter or servlet is called, and it's the dedicated place where you should do things related to security in Java EE.

这篇关于Java:拦截所有请求，然后再进行登录身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！