以下是我为在 Websphere 7 中运行的 JSF 应用程序实现 j_security_check(容器管理安全)的方法。不幸的是,我使用的 servlet api 版本没有
request.login()
创建了一个登录过滤器类来拦截 j_security_check 调用。ResponseWrapper 记住登录后要重定向的 URL。
public class LoginFilter implements Filter {
private static String loginPage = "login.xhtml"; // read it from init config
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
// create wrapper
HttpServletRequest req = (HttpServletRequest) request;
MyWrapper myRes = new MyWrapper((HttpServletResponse) response);
// call authentication
chain.doFilter(request, myRes);
// check for login error
String redirectURL = myRes.getOriginalRedirect();
if (StringUtils.isBlank(redirectURL) || redirectURL.contains(loginPage)) {
myRes.setOriginalRedirect(homePage);
}
myRes.sendMyRedirect();
}
class MyWrapper extends HttpServletResponseWrapper {
String originalRedirect;
public MyWrapper(HttpServletResponse response) {
super(response);
}
@Override
public void sendRedirect(String location) throws IOException {
// just store location, don’t send redirect to avoid
// committing response
originalRedirect = location;
}
// use this method to send redirect after modifying response
public void sendMyRedirect() throws IOException {
super.sendRedirect(originalRedirect);
}
public String getOriginalRedirect() {
return originalRedirect;
}
public void setOriginalRedirect(String originalRedirect) {
this.originalRedirect = originalRedirect;
}
}
web.xml 如下所示。
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.servlet.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/j_security_check</url-pattern>
</filter-mapping>
<filter>
<filter-name>RequestJSFFilter</filter-name
<filter-class>com.servlet.filter.RequestJSFFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RequestJSFFilter</filter-name>
<url-pattern>*.xhtml</url-pattern>
</filter-mapping>
另一个过滤器拦截所有 *.xhtml 并指向 login.xhtml。在 login.xhtml 中,表单可以如下所示
<form action="j_security_check" method=post>
<p>username: <input type="text" name="j_username"></p>
<p>password: <input type="password" name="j_password"></p>
<p><input type="submit" value="submit"></p>
</form>
希望这可以帮助。