
Filter on j_security_check not working. Glassfish V3 Netbeans 6.8

I am trying to execute a filter on j_security_check to perform some post-login actions, like changing the redirect URL etc. But the problem is my filter never gets executed. Any patchwork that I can apply? Any help would be appreciated. I am literally fed up with container-managed security.

Thanks in advance.

You cannot programmatically hook on /j_security_check. This is a security restriction.

Your best bet is to determine the first-time login by manually checking the user principal in the HttpSession and put it there if absent and then do your thing. I've posted a similar answer before here. Here's an extract of the filter code, you just need to map the filter on the desired url-pattern covering the secured pages.

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // getUserPrincipal() returns java.security.Principal; it is null until the container has authenticated the user.
    Principal user = httpRequest.getUserPrincipal();
    HttpSession session = httpRequest.getSession();
    if (user != null && session.getAttribute("user") == null) {
        // Mark the session so this branch runs only once per login.
        session.setAttribute("user", user);

        // First-time login. You can do your intercepting thing here.
    }
    chain.doFilter(request, response);
}

IMHO you shouldn't try to intercept the container's authentication system; in your case, the redirect URL can be declaratively set in web.xml.

If you want to perform some post-authentication actions, I suggest setting up a dummy post-auth servlet/jsp that does what you want and then redirects to the requested resource. That post-auth servlet can then be properly configured as the post-login page.

One portable solution.

  1. Register a global filter on pattern /*;

  2. In doFilter() try to get a custom object from session (i.e. user workspace);

  3. If the object is null, put a new object into session and perform post-login logic.

     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
         // getUserPrincipal() and getSession() are defined on HttpServletRequest, not ServletRequest.
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         Principal principal = httpRequest.getUserPrincipal();
         if (principal != null) {
             HttpSession session = httpRequest.getSession();
             // UserWorkspace is the application's own class holding per-user state.
             UserWorkspace uwks = (UserWorkspace) session.getAttribute("com.foo.myproject.userworkspace");
             if (uwks == null) {
                 uwks = new UserWorkspace(principal);
                 session.setAttribute("com.foo.myproject.userworkspace", uwks);
                 //
                 // post-login code here
                 //
             }
         }
         chain.doFilter(request, response);
     }
