stackoom
  简体   繁体   中英

Intercepting j_security_check on Tomcat to modify username for passion to LDAP in Struts 2

 原文  2021-06-29 13:27:19       tomcat/ struts2/ interceptor/ jaas/ j-security-check

Question

I need to modify the username on the login form before it is passed on to LDAP for authentication. Application is struts-based. I need to remove some characters from the j_username before it is passed on to LDAP. Whats is the best way of doing it, javascript or writing a filter or interceptors in Struts? Can we make a login request to come to filter before it goes to j_security_check ?

Here are the details:

login.jsp : 

<form name="loginForm" method="POST" action='<%= response.encodeURL("j_security_check") %>'>
<table>
<tr><td>User Name</td><td><input type="text" name="j_username" size="10" maxlength="30"></td></tr>
<tr><td>Password</td><td><input type="password" name="j_password" size="10" maxlength="30"></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Login" name="j_security_check"></td></td></tr>
</table>
</form>

web.xml : 

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Form-Based Authentication Area</realm-name>
        <form-login-config>
          <!--  form-login-page>/login.jsp</form-login-page -->
          <form-login-page>/WEB-INF/login.jsp</form-login-page>
          <form-error-page>/WEB-INF/login.jsp?result=false</form-error-page>
        </form-login-config>
    </login-config>

context.xml : 

 <Realm className="org.apache.catalina.realm.JNDIRealm"
         allRolesMode="authOnly"
         connectionURL="ldap://localhost:9002"
         connectionName="CN..."
         connectionPassword=""
         userPattern="--"/>

1 answers

solution1
 0  2021-07-02 05:28:59

The form action j_security_check is handled by the server before any filter invoked. So you can't intercept it in Struts 2.

If you need to modify some parameters passed with the request, you can set the form action to Struts action. Once Struts action is invoked you will get all parameters in the ActionContext . You can write a custom interceptor and add it to the action config.

The interceptor can return a result to redirect to the j_security_check with parameters that you already modified.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question j_security_check on Tomcat j_security_check on tomcat with 2 user roles Tomcat j_security_check user ID UTF-8 encoded j_security_check username incorrectly decoded as Latin-1 in Tomcat realm Auto Login using j_security_check in tomcat Birt/tomcat: set session variable after j_security_check Tomcat behind Apache: Using SSL with j_security_check intercept j_security_check How to trigger re-login with HTTP POST request to j_security_check in Tomcat FORM based authentication j_security_check connection interrupted
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM