JSF - 为受限制的页面实现过滤器
[英]JSF - implementing filter for restricted pages
问题描述
I'm following answer by @BalusC to JSF 2.0: How to get the URL that is entered in the browser's address bar to restrict pages from users who are not logged in. 
我正在按照@BalusC对JSF 2.0的回答:如何获取在浏览器地址栏中输入的URL以限制未登录用户的页面。
Filter: 过滤:
public class RestrictPageFilter implements Filter{
FilterConfig fc;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
fc=filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpreq = (HttpServletRequest) request;
HttpServletResponse httpres = (HttpServletResponse) response;
if (httpreq.getUserPrincipal() == null) {
httpreq.getSession().setAttribute("from", httpreq.getRequestURI());
httpres.sendRedirect("/pages/login.xhtml");
} else {
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
web.xml: web.xml中:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin pages</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<url-pattern>/restricted/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>User pages</web-resource-name>
<url-pattern>/restricted/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<!--login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbc-realm</realm-name>
<form-login-config>
<form-login-page>/pages/login.xhtml</form-login-page>
<form-error-page>/pages/error.xhtml</form-error-page>
</form-login-config>
</login-config-->
<filter>
<filter-name>RestrictPageFilter</filter-name>
<filter-class>gov.denis.chanceryweb5.filter.RestrictPageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RestrictPageFilter</filter-name>
<url-pattern>/restricted/*</url-pattern>
</filter-mapping>
glassfish-web.xml 与GlassFish的web.xml
<glassfish-web-app>
<security-role-mapping>
<role-name>ADMIN</role-name>
<group-name>ADMIN</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER</role-name>
<group-name>USER</group-name>
</security-role-mapping>
realm in glassfish gui console: 在glassfish gui控制台的领域:
When accessing my web app, in browser i see this for some reason? 访问我的网络应用程序时,在浏览器中我出于某种原因看到了这个? why? 为什么?
1 个解决方案
解决方案1
1 2012-04-12 23:35:56
You are seeing the dialog associated with the BASIC authentication method. 您将看到与BASIC身份验证方法关联的对话框。
You currently have the login-config elements of your web.xml file commented out... so that configuration is not being applied. 您当前已将web.xml文件的login-config元素注释掉...因此未应用配置。
GlassFish 3 servers have a default login-config that is used when a user deployed app specifies a security-constraint but does not specify a login config... GlassFish 3服务器具有默认的login-config,当用户部署应用程序指定安全约束但未指定登录配置时使用该命令...
The effective login-config for your app actually looks something like this 您的应用程序的有效login-config实际上看起来像这样
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
The default login-config is specified in glassfish3/glassfish/domains/<your domain name here>/config/default-web.xml 默认的login-config在glassfish3/glassfish/domains/<your domain name here>/config/default-web.xml
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.