3

我正在关注@BalusC 对JSF 2.0 的回答:如何获取在浏览器地址栏中输入的 URL以限制未登录用户的页面。

筛选:

public class RestrictPageFilter implements Filter{
    FilterConfig fc;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        fc=filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpreq = (HttpServletRequest) request;
        HttpServletResponse httpres = (HttpServletResponse) response;
        if (httpreq.getUserPrincipal() == null) {
            httpreq.getSession().setAttribute("from", httpreq.getRequestURI());
            httpres.sendRedirect("/pages/login.xhtml");
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }
}

网页.xml:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>/restricted/*</url-pattern>
      <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMIN</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User pages</web-resource-name>
      <url-pattern>/restricted/*</url-pattern>
      <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMIN</role-name>
      <role-name>USER</role-name>
    </auth-constraint>
  </security-constraint>

   <!--login-config>
     <auth-method>FORM</auth-method>
     <realm-name>jdbc-realm</realm-name>
     <form-login-config>
       <form-login-page>/pages/login.xhtml</form-login-page>
       <form-error-page>/pages/error.xhtml</form-error-page>
     </form-login-config>
   </login-config-->

    <filter>
        <filter-name>RestrictPageFilter</filter-name>
        <filter-class>gov.denis.chanceryweb5.filter.RestrictPageFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>RestrictPageFilter</filter-name>
        <url-pattern>/restricted/*</url-pattern>
    </filter-mapping> 

glassfish-web.xml

<glassfish-web-app>
<security-role-mapping>
    <role-name>ADMIN</role-name>
    <group-name>ADMIN</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>USER</role-name>
    <group-name>USER</group-name>
  </security-role-mapping>

glassfish gui控制台中的领域: 在此处输入图像描述

访问我的网络应用程序时,在浏览器中我出于某种原因看到了这个?为什么?

在此处输入图像描述

4

1 回答 1

1

您将看到与 BASIC 身份验证方法相关的对话框。

您当前已将 web.xml 文件的 login-config 元素注释掉...因此未应用配置。

GlassFish 3 服务器具有默认登录配置,当用户部署的应用程序指定安全约束但未指定登录配置时使用该配置...

您的应用程序的有效登录配置实际上看起来像这样

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

默认登录配置在glassfish3/glassfish/domains/<your domain name here>/config/default-web.xml

于 2012-04-12T23:35:56.120 回答