JSF - 实施过滤器限制页(JSF - implementing filter for rest

2019-09-16 12:20发布

我继@BalusC答案JSF 2.0:如何获取在浏览器地址栏中输入的URL ,以限制来自未登录的用户谁的页面。

过滤:

public class RestrictPageFilter implements Filter{
    FilterConfig fc;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        fc=filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpreq = (HttpServletRequest) request;
        HttpServletResponse httpres = (HttpServletResponse) response;
        if (httpreq.getUserPrincipal() == null) {
            httpreq.getSession().setAttribute("from", httpreq.getRequestURI());
            httpres.sendRedirect("/pages/login.xhtml");
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }
}

web.xml中:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>/restricted/*</url-pattern>
      <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMIN</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User pages</web-resource-name>
      <url-pattern>/restricted/*</url-pattern>
      <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMIN</role-name>
      <role-name>USER</role-name>
    </auth-constraint>
  </security-constraint>

   <!--login-config>
     <auth-method>FORM</auth-method>
     <realm-name>jdbc-realm</realm-name>
     <form-login-config>
       <form-login-page>/pages/login.xhtml</form-login-page>
       <form-error-page>/pages/error.xhtml</form-error-page>
     </form-login-config>
   </login-config-->

    <filter>
        <filter-name>RestrictPageFilter</filter-name>
        <filter-class>gov.denis.chanceryweb5.filter.RestrictPageFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>RestrictPageFilter</filter-name>
        <url-pattern>/restricted/*</url-pattern>
    </filter-mapping> 

与GlassFish的web.xml

<glassfish-web-app>
<security-role-mapping>
    <role-name>ADMIN</role-name>
    <group-name>ADMIN</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>USER</role-name>
    <group-name>USER</group-name>
  </security-role-mapping>

境界GlassFish中的GUI控制台:

当访问我的web应用程序,浏览器我认为这出于某种原因? 为什么?

Answer 1:

你看到用BASIC认证方法相关的对话框。

您目前已注释掉web.xml文件的登录,配置元素...所以没有应用该配置。

GlassFish的3台服务器有一个用于当用户部署的应用程序指定安全性约束,但不指定登录配置默认登录,配置...

有效的登录,配置为您的应用程序实际上看起来是这样的

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

默认的登录配置,那么在指定glassfish3/glassfish/domains/<your domain name here>/config/default-web.xml



文章来源: JSF - implementing filter for restricted pages