Filter on j_security_check not working. Glassfish V3 Netbeans 6.8
I am trying to execute a filter on j_security_check to perform some post-login action like changing the redirect URL etc. But the problem is my filter never gets executed. Any patchwork that I can apply? Any help would be appreciated. I am literally fed up with container-managed security.
Thanks in advance.

You cannot programmatically hook on /j_security_check. This is a security restriction.
Your best bet is to determine the first-time login by manually checking the user principal in the HttpSession and put it there if absent and then do your thing. I've posted a similar answer before here. Here's an extract of the filter code, you just need to map the filter on the desired url-pattern covering the secured pages.
    // Needs java.security.Principal plus the javax.servlet and javax.servlet.http types.
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // getUserPrincipal() returns java.security.Principal, or null if not authenticated.
        Principal user = httpRequest.getUserPrincipal();
        HttpSession session = httpRequest.getSession();
        if (user != null && session.getAttribute("user") == null) {
            session.setAttribute("user", user);
            // First-time login. You can do your intercepting thing here.
        }
        chain.doFilter(request, response);
    }

IMHO you shouldn't try to intercept the container's authentication system; in your case, the redirect URL can be declaratively set in web.xml.
If you want to perform some post-authentication actions, I suggest setting up a dummy post-auth servlet/jsp that does what you want and then redirects to the requested resource. That post-auth servlet can then be properly configured as the post-login page.

One portable solution.
Register a global filter on pattern /*;
In doFilter() try to get a custom object from session (i.e. user workspace);
if object is null put a new object into session and perform post-login logic.
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // getUserPrincipal() and getSession() are defined on HttpServletRequest, not ServletRequest.
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        Principal principal = httpRequest.getUserPrincipal();
        if (principal != null) {
            HttpSession session = httpRequest.getSession();
            // UserWorkspace is the application's own per-user class.
            UserWorkspace uwks = (UserWorkspace) session.getAttribute("com.foo.myproject.userworkspace");
            if (uwks == null) {
                uwks = new UserWorkspace(principal);
                session.setAttribute("com.foo.myproject.userworkspace", uwks);
                //
                // post-login code here
                //
            }
        }
        chain.doFilter(request, response);
    }
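
A complete filter class built on the approach in the answers above, as an added example that is not part of the original posts. It stores the principal's name rather than the Principal object (container Principal implementations are not guaranteed to be Serializable) and reruns the hook if the authenticated name recorded in the session changes. The class name, the com.example.postlogin.* session keys and onFirstLogin() are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example: class name, session keys and onFirstLogin() are hypothetical.
public class PostLoginFilter implements Filter {

    // Session key holding the name of the principal already processed.
    private static final String MARKER = "com.example.postlogin.principalName";

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) request;
            Principal principal = http.getUserPrincipal();
            // Only touch the session for authenticated callers, so anonymous
            // requests to public pages do not get a session created for them.
            if (principal != null && principal.getName() != null) {
                HttpSession session = http.getSession();
                String name = principal.getName();
                // Runs on the first authenticated request, and again if the
                // session is now bound to a different user name.
                if (!name.equals(session.getAttribute(MARKER))) {
                    session.setAttribute(MARKER, name);
                    onFirstLogin(http, principal);
                }
            }
        }
        chain.doFilter(request, response);
    }

    // Post-login hook; here it only records the login time in the session.
    protected void onFirstLogin(HttpServletRequest request, Principal principal) {
        request.getSession().setAttribute("com.example.postlogin.loginTime",
                System.currentTimeMillis());
    }
}
```

Two parallel first requests can both reach onFirstLogin(), so keep the hook idempotent.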