1. 首頁
  2. 問答
  3. HttpSession與Spring 3 MVC

HttpSession與Spring 3 MVC

2012-10-11 79 views
2

我想在Spring 3 MVC中使用HttpSession。我已經找遍了所有的網絡,並獲得在http://forum.springsource.org/showthread.php?98850-Adding-to-stuff-to-the-session-while-using-ResponseBodyHttpSession與Spring 3 MVC

該解決方案基本上,我的應用程序自動通過獲取winId驗證用戶,並通過LDAP授權(這是一個內部網站)。

這裏是應用程序的流程:

  1. 用戶進入應用程序URL(http://localhost:8082/eIA_Mock_5)它有一個歡迎頁面(index.jsp)之後
  2. 的index.jsp得到winId通過jQuery和點擊登錄.html(通過AJAX)並通過windowsId
  3. login.html(控制器)通過LDAP進行身份驗證並返回「有效」字符串作爲響應
  4. JavaScript在獲得正確響應後重定向/加載歡迎頁面,即去localhost:8082/eIA_Mock_5/welcome.html

現在,我有過濾器與它關聯,它檢查會話是否對每個傳入的請求有效。現在問題是即使我將數據設置爲HttpSession,但過濾器或任何其他控制器都無法通過會話獲取數據,因此不會繼續進行。

這是代碼。你能提出實際上什麼是錯的嗎?

Home_Controller.java

@Controller 
public class Home_Controller { 

    public static Log logger = LogFactory.getLog(Home_Controller.class); 

    @RequestMapping(value = {"/welcome"}) 
    public ModelAndView loadWelcomePage(HttpServletRequest request, HttpServletResponse response) 
    { 
     ModelAndView mdv = new ModelAndView(); 
     try { 
      /*HttpSession session = request.getSession(); 
      UserMasterBean userBean = (UserMasterBean)session.getAttribute("userBean"); 
      String userName = userBean.getWindowsId(); 
      if(userName == null || userName.equalsIgnoreCase("")) 
      { 
       mdv.setViewName("homePage"); 

       System.out.println("Unable to authenticate user "); 
       logger.debug("Unable to authenticate user "); 
      } 
      else 
      { 
       System.out.println("Welcome User "+userName); 
       logger.debug("Welcome User "+userName); 
       */ 
       mdv.setViewName("homePage"); 
      /*}*/ 

     } 
     catch (Exception e){ 
      logger.debug("inside authenticateUser ",e); 
      e.printStackTrace(); 
     } 
     return mdv; 
    } 

    @RequestMapping(value = "/login", method = RequestMethod.GET) 
    public @ResponseBody String authenticateUser(@RequestParam String userName, HttpSession session) 
    { 
     logger.debug("inside authenticateUser"); 

     String returnResponse = new String(); 
     try { 
      logger.debug("userName for Authentication " + userName); 
      System.out.println("userName for Authentication " + userName); 

      //HttpSession session = request.getSession(); 

      if (userName == null || userName.trim().equalsIgnoreCase("")) 
       returnResponse = "Invalid"; 
      else 
      { 
       System.out.println("uname " + userName); 

       String ldapResponse = LDAPConnectUtil.isValidActiveDirectoryUser(userName, ""); 

       if (ldapResponse.equalsIgnoreCase("true")) 
       { 
        returnResponse="Valid"; 

        System.out.println(userName + " Authenticated"); 
        logger.debug(userName + " Authenticated"); 

        UserMasterBean userBean = new UserMasterBean(); 
        userBean.setWindowsId(userName); 

        //if(session.getAttribute("userBean")==null) 
        session.setAttribute("userBean", userBean); 
       } 
       else 
       { 
        returnResponse = "Invalid"; 

        //session.setAttribute("userBean", null); 

        System.out.println("Unable to Authenticate the user through Ldap"); 
        logger.debug("Unable to Authenticate the user through Ldap"); 
       } 

       System.out.println("ldapResponse " + ldapResponse); 
       logger.debug("ldapResponse " + ldapResponse); 

       System.out.println("returnResponse " + returnResponse); 
      } 

      UserMasterBean u = (UserMasterBean)session.getAttribute("userBean"); 
      System.out.println("winId " + u.getWindowsId()); 
     } 
     catch(Exception e){ 
      e.printStackTrace(); 
      logger.debug("Exception in authenticateUser ", e); 
     } 
     return returnResponse; 
    } 
}


過濾

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
{ 
    System.out.println("in PageFilter"); 
    boolean flag = false; 
    HttpServletRequest objHttpServletRequest = (HttpServletRequest)request; 
    HttpServletResponse objHttpServletResponse = (HttpServletResponse)response; 
    HttpSession session = objHttpServletRequest.getSession(); 
    String contextPath = objHttpServletRequest.getContextPath(); 

    String servletPath = objHttpServletRequest.getSession().getServletContext().getRealPath(objHttpServletRequest.getServletPath()); 

    logger.debug("contextPath :" + contextPath); 
    logger.debug("servletPath :" + servletPath); 
    System.out.println("in PageFilter, contextPath :" + contextPath); 
    System.out.println("in PageFilter, servletPath :" + servletPath); 

    if (servletPath.endsWith("\\") || servletPath.endsWith("/") || 
     servletPath.indexOf("css") > 0 || servletPath.indexOf("jsp") > 0 || 
     servletPath.indexOf("images") > 0 || servletPath.indexOf("js") > 0 || 
     servletPath.endsWith("index.jsp") || servletPath.indexOf("xls") > 0 || 
     servletPath.indexOf("ini") > 0 || servletPath.indexOf("login.html") > 0 || 
     /*servletPath.endsWith("welcome.html") ||*/ servletPath.endsWith("logout.do")) 
    { 
     System.out.println("User is trying to access allowed pages like Login.jsp, errorPage.jsp, js, images, css"); 
     logger.debug("User is trying to access allowed pages like Login.jsp, errorPage.jsp, js, images, css"); 
     flag = true; 
    } 

    if (flag == false) 
    { 
     System.out.println("flag = false"); 

     if (session.getAttribute("userBean") == null) 
      System.out.println("yes session.userbean is null"); 

     if ((session != null) && (session.getAttribute("userBean") != null)) 
     { 
      System.out.println("session!=null && session.getAttribute(userId)!=null"); 

      logger.debug("IF Part"); 

      UserMasterBean userBean = (UserMasterBean)session.getAttribute("userBean"); 
      String windowsId = userBean.getWindowsId(); 

      logger.debug("User Id " + windowsId + " allowed access"); 
      System.out.println("User Id " + windowsId + " allowed access"); 
      flag = true; 
     } 
     else 
     { 
      System.out.println("else .....session!=null && session.getAttribute(userId)!=null"); 
      logger.debug("Else Part"); 
      flag = false; 
     } 
    } 

    if (flag == true) { 
     try { 
      System.out.println("before chain.doFilter(request, response)"); 
      chain.doFilter(request, response); 
     } catch (Exception e) { 
      e.printStackTrace(); 
      try { 
       objHttpServletResponse.sendRedirect(contextPath + "/logout.do"); 
      } catch (Exception ex) { 
       ex.printStackTrace(); 
      } 
     } 
    } 
    else 
    { 
     try { 
      System.out.println("before sendRedirect"); 
      objHttpServletResponse.sendRedirect(contextPath + "/jsp/errorPage.jsp"); 
     } catch (Exception ex) { 
      ex.printStackTrace(); 
     } 

    } 

    System.out.println("end of PageFilter"); 
}


的index.jsp

<script type="text/javascript"> 
    //alert("inside s13"); 
    var WinNetwork = new ActiveXObject("WScript.Network"); 
    var userName = WinNetwork.UserName; 
    alert(userName); 

    $.ajax({ 
     url: "login.html", 
     data: "userName="+userName, 
     success: function(result) { 
      alert("result == " + result); 
      if (result == "Valid") 
       window.location = "http://10.160.118.200:8082/eIA_Mock_5/welcome.html"; 
     } 
    }); 
</script>


的web.xml與URL模式過濾條目*
我使用Spring MVC 3。

來源

2012-10-11 vipul12389

+0

您似乎主要將會話用於訪問控制/權限。不會彈出安全性更好的解決方案嗎? –

+0

我對春季安全是完全陌生的,因此我依靠本地會話。你也可以指出這裏有什麼錯?我似乎沒有任何東西被錯過 – vipul12389

回答

2

我覺得問題在ajax調用和設置windows.location之後。

請確保您已啓用Cookie。如果你不這樣做,你的ajax請求每次都會導致新的會話。

當你做window.location = url這個網址不是您目前的網址不同,這也導致新的會話,因爲cookie是域相關的,你改變了域名,例如localhost10.160.118.200

對於每個請求輸出sessionid並將其與以前的請求進行比較。它有助於查找何時重新創建會話。

另外this answer可以提供幫助。

來源

2012-10-11 14:36:38 user1516873

+0

是的,你是正確的......我完全錯過了...... 因爲我是abt部署在生產...這就是爲什麼改變後的URL ...修復後相同的URL,它的工作..你是一個救生員 謝謝讚賞 – vipul12389

相關問題

 相關問題