1

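I'm using GWT and RequestFactory on a new project that requires authentication.

Where is the best place to add login and logout functionality? In the UserRequestContext?

Thanks in advance.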

4

1 Answer

4

Use a servlet filter.

I split the RequestFactory calls into two streams: one for unauthenticated calls and one for authenticated calls. Here is a piece of my web.xml:

<servlet>
    <servlet-name>CustomRequestFactoryServlet</servlet-name>
    <servlet-class>my.server.CustomRequestFactoryServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>CustomRequestFactoryServlet</servlet-name>
    <url-pattern>/gwtRequest</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>CustomRequestFactoryServlet</servlet-name>
    <url-pattern>/gwtRequestAuth</url-pattern>
</servlet-mapping>

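Then I created a servlet filter that looks like this:

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

// Rejects unauthenticated requests with 401 and a "login" header carrying the login URL.
public class GaeAuthFilter implements Filter
{
    // Required by the Filter interface; nothing to set up or tear down.
    public void init(FilterConfig filterConfig) throws ServletException {}

    public void destroy() {}

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
    {
        UserService userService = UserServiceFactory.getUserService();
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (!userService.isUserLoggedIn())
        {
            String returnURI = "/";

            String requestURI = request.getRequestURI();
            String refererURI = request.getHeader("Referer");
            if (requestURI.equals("/gwtRequestAuth"))
            {
                // RequestFactory call: return to the page that issued it.
                if (refererURI != null)
                    returnURI = refererURI;
            } else
                returnURI = requestURI;

            response.setHeader("login", userService.createLoginURL(returnURI));
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // LoginService is an application class that is not shown in this answer.
        LoginService.login(request);

        filterChain.doFilter(request, response);
    }
}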

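As you can see, I set the login HTTP header to the URL of the auth web page.

In the client code I intercept it by implementing my own DefaultRequestTransport, like this:

import com.google.gwt.http.client.Request;
import com.google.gwt.http.client.RequestCallback;
import com.google.gwt.http.client.Response;
import com.google.web.bindery.event.shared.EventBus;
import com.google.web.bindery.requestfactory.gwt.client.DefaultRequestTransport;
import com.google.web.bindery.requestfactory.shared.ServerFailure;

// Turns a 401 response that carries a "login" header into an application event.
public class GaeAuthRequestTransport extends DefaultRequestTransport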
{
    private final EventBus eventBus;

    public GaeAuthRequestTransport(EventBus eventBus)
    {
        this.eventBus = eventBus;
    }

    @Override
    protected RequestCallback createRequestCallback(final TransportReceiver receiver)
    {
        final RequestCallback superCallback = super.createRequestCallback(receiver);

        return new RequestCallback()
        {
            public void onResponseReceived(Request request, Response response)
            {
                if (Response.SC_UNAUTHORIZED == response.getStatusCode())
                {
                    String loginUrl = response.getHeader("login");
                    if (loginUrl != null)
                    {
                        receiver.onTransportFailure(new ServerFailure(
                                "Unauthenticated user", null, null, false /* not fatal */));
                        eventBus.fireEvent(new GaeAuthenticationFailureEvent(loginUrl));
                        return;
                    }
                }
                superCallback.onResponseReceived(request, response);
            }

            public void onError(Request request, Throwable exception)
            {
                superCallback.onError(request, exception);
            }
        };
    }
}

The fired event is handled in client code that navigates the browser to the login URL.

That's it.

Answered 2012-04-10T00:32:14.427
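
The filter in the answer passes the Referer header, which is client-supplied, to createLoginURL as the post-login destination. The following is an added example, not code from the answer: a hypothetical helper (ReturnUriPolicy, choose and isLocalPath are assumed names, app.example.com is a constructed host) that keeps the same selection logic but only accepts a Referer on the application's own host and reduces it to a local path.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added example (hypothetical helper): picks the post-login return URL for a filter like GaeAuthFilter. */
public final class ReturnUriPolicy {
    private static final String DEFAULT_RETURN = "/";
    private static final String RF_AUTH_PATH = "/gwtRequestAuth"; // endpoint from the answer's web.xml

    /** True only for a server-local path; "//host/..." would be read as a protocol-relative URL. */
    static boolean isLocalPath(String p) {
        return p != null && p.startsWith("/") && !p.startsWith("//");
    }

    /**
     * requestUri: request.getRequestURI(); referer: the Referer header (client-supplied, may be
     * null); appHost: the application's own host name, ideally taken from configuration.
     */
    public static String choose(String requestUri, String referer, String appHost) {
        if (!RF_AUTH_PATH.equals(requestUri)) {
            // Ordinary page request: come back to the requested path itself.
            return isLocalPath(requestUri) ? requestUri : DEFAULT_RETURN;
        }
        if (referer == null) {
            return DEFAULT_RETURN;
        }
        try {
            URI u = new URI(referer);
            String scheme = u.getScheme();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (web && appHost.equalsIgnoreCase(u.getHost()) && isLocalPath(u.getRawPath())) {
                // Keep path and query only; scheme, user-info, host and fragment are dropped.
                String query = u.getRawQuery();
                return query == null ? u.getRawPath() : u.getRawPath() + "?" + query;
            }
        } catch (URISyntaxException e) {
            // Malformed Referer: fall through to the default.
        }
        return DEFAULT_RETURN;
    }

    public static void main(String[] args) {
        String host = "app.example.com"; // constructed sample host
        String[] referers = { "https://app.example.com/inbox?tab=2", "https://other.example.net/x",
                "https://app.example.com@other.example.net/", "https://app.example.com//other.example.net", null };
        for (String r : referers) {
            System.out.println(r + " -> " + choose(RF_AUTH_PATH, r, host));
        }
    }
}
```

In the filter, the result of choose(request.getRequestURI(), request.getHeader("Referer"), appHost) would replace returnURI before the call to createLoginURL.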