How to implement redirect to login-page with Java EE 6/Glassfish


Problem description


I'm trying to implement a redirect after login, which means I can't use the GlassFish built-in form authentication settings anymore that handle such things automatically. So first things first, I need to take control over redirecting to a login page when requesting a protected page. As I understand, this is done with a filter. Can this method be combined with security-constraints in web.xml? As it is, my filter is not called at all since GlassFish just takes over and throws a basic login box at the user and ignores all filters even when no login configuration is set. Basically, I have not managed to get a filter called before a user has logged in when security constraints are configured in GlassFish.

Do I really need to take over security completely manually in a filter for this to work? If that's the case, the implementation seems horrible.

Using GlassFish 3.1 with JSF 2 and a custom login page logging in manually with request.login.

web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value><!--Production-->Development</param-value>
    </context-param>
    <context-param>
        <param-name>com.sun.faces.expressionFactory</param-name>
        <param-value>de.odysseus.el.ExpressionFactoryImpl</param-value>
    </context-param>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>com.xdin.competence.jsf.util.LoginFilter</filter-class>
    </filter>
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsf</welcome-file>
    </welcome-file-list>
    <!--<error-page>
        <exception-type>javax.faces.application.ViewExpiredException</exception-type>
        <location>/viewExpired.jsf</location>
    </error-page>-->
    <security-constraint>
        <display-name>ManagerArea</display-name>
        <web-resource-collection>
            <web-resource-name>ManagerArea</web-resource-name>
            <description/>
            <url-pattern>/manager/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Manager-role</role-name>
            <role-name>Admin-role</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>EmployeeArea</display-name>
        <web-resource-collection>
            <web-resource-name>EmployeeConstraint</web-resource-name>
            <description/>
            <url-pattern>/user/Overview.jsf</url-pattern>
            <url-pattern>/user/PrepareReport.jsf</url-pattern>
            <url-pattern>/user/Search.jsf</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Employee-role</role-name>
            <role-name>Admin-role</role-name>
            <role-name>Manager-role</role-name>
            <role-name>OKIF-role</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>AdminArea</display-name>
        <web-resource-collection>
            <web-resource-name>AdminCompetence</web-resource-name>
            <description/>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Admin-role</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>UserArea</display-name>
        <web-resource-collection>
            <web-resource-name>UserConstraint</web-resource-name>
            <description/>
            <url-pattern>/index.jsf</url-pattern>
            <url-pattern>/template.jsf</url-pattern>
            <url-pattern>/user/UserDetail.jsf</url-pattern>
            <url-pattern>/user/UserInformation.jsf</url-pattern>
            <url-pattern>/print/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Employee-role</role-name>
            <role-name>Admin-role</role-name>
            <role-name>Manager-role</role-name>
            <role-name>OKIF-role</role-name>
        </auth-constraint>
    </security-constraint>
    <!--<login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/login.jsf</form-error-page>
        </form-login-config>
    </login-config>-->
    <security-role>
        <description/>
        <role-name>Employee-role</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>Admin-role</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>Manager-role</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>OKIF-role</role-name>
    </security-role>
</web-app>

And my filter:

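import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginFilter implements Filter {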

    private FilterConfig filterConfig = null;

    public LoginFilter() {
    } 

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
        throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse res = (HttpServletResponse)response;
        if (req.getUserPrincipal() == null) {
            req.getSession().setAttribute("from", req.getRequestURI());
            res.sendRedirect("/login.jsf");
        } else {
            chain.doFilter(request, response);
        }

    }

    @Override
    public void destroy() { 
    }

    @Override
    public void init(FilterConfig filterConfig) { 
        this.filterConfig = filterConfig;
    }

}

Solution

In your customized login form, add the following hidden field:

<input type="hidden" name="from" value="#{requestScope['javax.servlet.forward.request_uri']}" />

which you set in JSF as follows

@ManagedProperty(value="#{param.from}")
private String from;

and redirect as follows in login action method

if (from != null) {
    externalContext.redirect(from);
}

No need for a Filter.
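
Because `from` reaches the login bean as a request parameter from a hidden form field, its value is client-controlled. The following is an added example, not part of the original answer, showing one way to restrict it to paths inside the application before passing it to `externalContext.redirect`; the class name `SafeRedirect`, the `/app` context path and the `/index.jsf` fallback are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example (not from the original answer): validate "from" before redirecting.
public final class SafeRedirect {
    // contextPath is what HttpServletRequest.getContextPath() returns ("" for root).
    // Returns 'from' only if it stays inside this application, else 'fallback'.
    public static String resolveTarget(String from, String contextPath, String fallback) {
        if (from == null || from.isEmpty()) {
            return fallback;
        }
        // Backslashes can be read as "/" by browsers; CR/LF must not reach Location.
        for (int i = 0; i < from.length(); i++) {
            char c = from.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return fallback;
            }
        }
        // Require an absolute path; "//host/..." is scheme-relative and leaves the site.
        if (!from.startsWith("/") || from.startsWith("//")) {
            return fallback;
        }
        try {
            URI uri = new URI(from).normalize();   // "/app/../x" becomes "/x"
            String path = uri.getPath();
            if (uri.getScheme() != null || uri.getRawAuthority() != null || path == null) {
                return fallback;
            }
            boolean inApp = path.equals(contextPath) || path.startsWith(contextPath + "/");
            // Also refuse the login page itself (path assumed from the page's web.xml).
            if (!inApp || path.equals(contextPath + "/login.jsf")) {
                return fallback;
            }
            return uri.toString();
        } catch (URISyntaxException e) {
            return fallback;
        }
    }

    public static void main(String[] args) {
        String ctx = "/app";                       // constructed context path
        String[] samples = {                       // constructed inputs
            "/app/user/Overview.jsf", "//other.example/x", "http://other.example/",
            "/app/../elsewhere", "/app/login.jsf", null };
        for (String s : samples) {
            System.out.println(s + " -> " + resolveTarget(s, ctx, ctx + "/index.jsf"));
        }
    }
}
```

In the login action, the result of `resolveTarget(from, externalContext.getRequestContextPath(), fallback)` would be passed to `externalContext.redirect` in place of the raw `from` value.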
