1
我已經實現了一個簡單的過濾器,它只是將兩個原則添加到當前會話中(請參閱下面的doFilter)。我的問題是,當我請求一個資源時,這是射擊,但是我永遠無法看到資源,因爲彈出了基於FORM的登錄屏幕。我試圖繞過基於表單的登錄過濾器(最終使用快速到期的令牌),儘管似乎沒有任何東西似乎允許我這樣做。Tomcat SecurityFilter和授權
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httprequest = (HttpServletRequest)request;
HttpServletResponse httpresponse = (HttpServletResponse)response;
HttpSession session = httprequest.getSession(true);
Subject subject = (Subject)session.getAttribute("javax.security.auth.subject");
if (subject == null){
subject = new Subject();
PlainUserPrincipal user = new PlainUserPrincipal("admin");
PlainRolePrincipal role = new PlainRolePrincipal("admin");
subject.getPrincipals().add(user);
subject.getPrincipals().add(role);
}
chain.doFilter(httprequest, httpresponse);
}
@Tim - Doh,併發編輯。我回到你的。 – 2011-01-28 22:48:47