這裏是我是如何實現j_security_check(容器管理的安全性)在WebSphere 7上運行我的JSF應用程序不幸的是,我使用Servlet API的版本沒有
request.login()
登錄過濾器類被創建用於攔截j_security_check調用。 ResponseWrapper記住登錄後要重定向的URL。
public class LoginFilter implements Filter {
private static String loginPage = "login.xhtml"; // read it from init config
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
// create wrapper
HttpServletRequest req = (HttpServletRequest) request;
MyWrapper myRes = new MyWrapper((HttpServletResponse) response);
// call authentication
chain.doFilter(request, myRes);
// check for login error
String redirectURL = myRes.getOriginalRedirect();
if (StringUtils.isBlank(redirectURL) || redirectURL.contains(loginPage)) {
myRes.setOriginalRedirect(homePage);
}
myRes.sendMyRedirect();
}
class MyWrapper extends HttpServletResponseWrapper {
String originalRedirect;
public MyWrapper(HttpServletResponse response) {
super(response);
}
@Override
public void sendRedirect(String location) throws IOException {
// just store location, don’t send redirect to avoid
// committing response
originalRedirect = location;
}
// use this method to send redirect after modifying response
public void sendMyRedirect() throws IOException {
super.sendRedirect(originalRedirect);
}
public String getOriginalRedirect() {
return originalRedirect;
}
public void setOriginalRedirect(String originalRedirect) {
this.originalRedirect = originalRedirect;
}
}
web.xml如下所示。
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.servlet.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/j_security_check</url-pattern>
</filter-mapping>
<filter>
<filter-name>RequestJSFFilter</filter-name
<filter-class>com.servlet.filter.RequestJSFFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RequestJSFFilter</filter-name>
<url-pattern>*.xhtml</url-pattern>
</filter-mapping>
另一個攔截所有* .xhtml並指向login.xhtml的過濾器。在login.xhtml中,表單可以如下所示
<form action="j_security_check" method=post>
<p>username: <input type="text" name="j_username"></p>
<p>password: <input type="password" name="j_password"></p>
<p><input type="submit" value="submit"></p>
</form>
希望這有助於。
HHm謝謝,但是當我們使用'request.login(username,password)',那麼JSF如何驗證它。就像我輸入basit(用戶)和basit(密碼)。我是否需要在glassfish服務器或數據庫中的某處設置用戶名密碼?意思是如何request.login()的作品?謝謝 – Basit
就像基於表單的認證一樣。唯一的區別是,你以編程方式調用它,而不是使用'j_username'和'j_password'提交給'j_security_check'。 – BalusC
好的謝謝很多:) – Basit