我想在Spring 3 MVC中使用HttpSession。我已經找遍了所有的網絡,並獲得在http://forum.springsource.org/showthread.php?98850-Adding-to-stuff-to-the-session-while-using-ResponseBodyHttpSession與Spring 3 MVC
該解決方案基本上,我的應用程序自動通過獲取winId驗證用戶,並通過LDAP授權(這是一個內部網站)。
這裏是應用程序的流程:
- 用戶進入應用程序URL(
http://localhost:8082/eIA_Mock_5
)它有一個歡迎頁面(index.jsp)之後 - 的index.jsp得到winId通過jQuery和點擊登錄.html(通過AJAX)並通過windowsId
- login.html(控制器)通過LDAP進行身份驗證並返回「有效」字符串作爲響應
- JavaScript在獲得正確響應後重定向/加載歡迎頁面,即去
localhost:8082/eIA_Mock_5/welcome.html
現在,我有過濾器與它關聯,它檢查會話是否對每個傳入的請求有效。現在問題是即使我將數據設置爲HttpSession,但過濾器或任何其他控制器都無法通過會話獲取數據,因此不會繼續進行。
這是代碼。你能提出實際上什麼是錯的嗎?
Home_Controller.java:
@Controller
public class Home_Controller {
public static Log logger = LogFactory.getLog(Home_Controller.class);
@RequestMapping(value = {"/welcome"})
public ModelAndView loadWelcomePage(HttpServletRequest request, HttpServletResponse response)
{
ModelAndView mdv = new ModelAndView();
try {
/*HttpSession session = request.getSession();
UserMasterBean userBean = (UserMasterBean)session.getAttribute("userBean");
String userName = userBean.getWindowsId();
if(userName == null || userName.equalsIgnoreCase(""))
{
mdv.setViewName("homePage");
System.out.println("Unable to authenticate user ");
logger.debug("Unable to authenticate user ");
}
else
{
System.out.println("Welcome User "+userName);
logger.debug("Welcome User "+userName);
*/
mdv.setViewName("homePage");
/*}*/
}
catch (Exception e){
logger.debug("inside authenticateUser ",e);
e.printStackTrace();
}
return mdv;
}
@RequestMapping(value = "/login", method = RequestMethod.GET)
public @ResponseBody String authenticateUser(@RequestParam String userName, HttpSession session)
{
logger.debug("inside authenticateUser");
String returnResponse = new String();
try {
logger.debug("userName for Authentication " + userName);
System.out.println("userName for Authentication " + userName);
//HttpSession session = request.getSession();
if (userName == null || userName.trim().equalsIgnoreCase(""))
returnResponse = "Invalid";
else
{
System.out.println("uname " + userName);
String ldapResponse = LDAPConnectUtil.isValidActiveDirectoryUser(userName, "");
if (ldapResponse.equalsIgnoreCase("true"))
{
returnResponse="Valid";
System.out.println(userName + " Authenticated");
logger.debug(userName + " Authenticated");
UserMasterBean userBean = new UserMasterBean();
userBean.setWindowsId(userName);
//if(session.getAttribute("userBean")==null)
session.setAttribute("userBean", userBean);
}
else
{
returnResponse = "Invalid";
//session.setAttribute("userBean", null);
System.out.println("Unable to Authenticate the user through Ldap");
logger.debug("Unable to Authenticate the user through Ldap");
}
System.out.println("ldapResponse " + ldapResponse);
logger.debug("ldapResponse " + ldapResponse);
System.out.println("returnResponse " + returnResponse);
}
UserMasterBean u = (UserMasterBean)session.getAttribute("userBean");
System.out.println("winId " + u.getWindowsId());
}
catch(Exception e){
e.printStackTrace();
logger.debug("Exception in authenticateUser ", e);
}
return returnResponse;
}
}
過濾:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
{
System.out.println("in PageFilter");
boolean flag = false;
HttpServletRequest objHttpServletRequest = (HttpServletRequest)request;
HttpServletResponse objHttpServletResponse = (HttpServletResponse)response;
HttpSession session = objHttpServletRequest.getSession();
String contextPath = objHttpServletRequest.getContextPath();
String servletPath = objHttpServletRequest.getSession().getServletContext().getRealPath(objHttpServletRequest.getServletPath());
logger.debug("contextPath :" + contextPath);
logger.debug("servletPath :" + servletPath);
System.out.println("in PageFilter, contextPath :" + contextPath);
System.out.println("in PageFilter, servletPath :" + servletPath);
if (servletPath.endsWith("\\") || servletPath.endsWith("/") ||
servletPath.indexOf("css") > 0 || servletPath.indexOf("jsp") > 0 ||
servletPath.indexOf("images") > 0 || servletPath.indexOf("js") > 0 ||
servletPath.endsWith("index.jsp") || servletPath.indexOf("xls") > 0 ||
servletPath.indexOf("ini") > 0 || servletPath.indexOf("login.html") > 0 ||
/*servletPath.endsWith("welcome.html") ||*/ servletPath.endsWith("logout.do"))
{
System.out.println("User is trying to access allowed pages like Login.jsp, errorPage.jsp, js, images, css");
logger.debug("User is trying to access allowed pages like Login.jsp, errorPage.jsp, js, images, css");
flag = true;
}
if (flag == false)
{
System.out.println("flag = false");
if (session.getAttribute("userBean") == null)
System.out.println("yes session.userbean is null");
if ((session != null) && (session.getAttribute("userBean") != null))
{
System.out.println("session!=null && session.getAttribute(userId)!=null");
logger.debug("IF Part");
UserMasterBean userBean = (UserMasterBean)session.getAttribute("userBean");
String windowsId = userBean.getWindowsId();
logger.debug("User Id " + windowsId + " allowed access");
System.out.println("User Id " + windowsId + " allowed access");
flag = true;
}
else
{
System.out.println("else .....session!=null && session.getAttribute(userId)!=null");
logger.debug("Else Part");
flag = false;
}
}
if (flag == true) {
try {
System.out.println("before chain.doFilter(request, response)");
chain.doFilter(request, response);
} catch (Exception e) {
e.printStackTrace();
try {
objHttpServletResponse.sendRedirect(contextPath + "/logout.do");
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
else
{
try {
System.out.println("before sendRedirect");
objHttpServletResponse.sendRedirect(contextPath + "/jsp/errorPage.jsp");
} catch (Exception ex) {
ex.printStackTrace();
}
}
System.out.println("end of PageFilter");
}
的index.jsp:
<script type="text/javascript">
//alert("inside s13");
var WinNetwork = new ActiveXObject("WScript.Network");
var userName = WinNetwork.UserName;
alert(userName);
$.ajax({
url: "login.html",
data: "userName="+userName,
success: function(result) {
alert("result == " + result);
if (result == "Valid")
window.location = "http://10.160.118.200:8082/eIA_Mock_5/welcome.html";
}
});
</script>
的web.xml與URL模式過濾條目*
我使用Spring MVC 3。
您似乎主要將會話用於訪問控制/權限。不會彈出安全性更好的解決方案嗎? –
我對春季安全是完全陌生的,因此我依靠本地會話。你也可以指出這裏有什麼錯?我似乎沒有任何東西被錯過 – vipul12389