我知道这不是它的本意,而且完全错误,但是命令就是命令,我需要执行以下操作:用户使用参数上的 accesskey 访问 servlet,如下所示:
http://myhost/my_app/servlet?accesskey=XXXXX
然后 servlet 获取密钥并使用它在 seam 上对用户进行身份验证,这可能吗?到目前为止我无法做到
我知道这不是它的本意,而且完全错误,但是命令就是命令,我需要执行以下操作:用户使用参数上的 accesskey 访问 servlet,如下所示:
http://myhost/my_app/servlet?accesskey=XXXXX
然后 servlet 获取密钥并使用它在 seam 上对用户进行身份验证,这可能吗?到目前为止我无法做到
您的 servlet 中的此代码应该使您能够访问您的接缝组件。
Lifecycle.beginCall();
Authenticator authenticator = (Authenticator)Component.getInstance("authenticator");
LifeCycle.endCall();
从您的问题中不清楚您是否需要创建自定义 servlet 或者您只需要根据请求参数进行登录。主要区别在于自定义 servlet 不会被 Seam 拦截,除非您手动启动 Seam 生命周期,否则您无法使用组件(正如 Trind 所指出的,当从外部调用时,您需要使用LifeCycle.beginCall()
并且LifeCycle.endCall()
能够使用 Seam 组件SeamFilter
)。除此之外,这两种解决方案的工作方式相似。
创建一个将处理身份验证的组件:
@Name("myAuthenticator")
public class MyAuthenticator implements Serializable {
// Seam's identity component
@In private transient Identity identity;
// When logged in, the user needs to have some roles, usually
// you assign these dynamically based on user name, type, etc., here
// I just initialize it to a fixed list of roles
ArrayList<String> roles = new ArrayList<String>(Arrays.toList(
new String[] { "base", "admin" }));
// Access key (getters and setters omitted but are necessary)
private String accessKey;
public String doAuth() {
// Check accessKey validity (against an SSO service or
// in your DB or whatever), here we do a trivial check.
boolean userCanAccess = "ADMINKEY".equals(accessKey);
if (userCanAccess) {
identity.acceptExternallyAuthenticatedPrincipal(
new SimplePrincipal("username"));
// Assign user roles
for (String role : roles) {
identity.addRole(role);
}
return "ok";
}
return "ko";
}
}
现在创建一个登录页面描述符,它将通过参数处理登录(例如externalLogin.page.xml
,您不需要为此创建.xhtml
页面):
<page>
<!-- this sets the accessKey variable with the query parameter -->
<param name="accessKey" value="#{myAuthenticator.accessKey}" />
<!-- this invokes our authentication action -->
<action execute="#{myAuthenticator.doAuth}" />
<!-- navigation rules, these determine what to do if auth is ok or fails -->
<navigation from-action="#{myAuthenticator.doAuth}">
<rule if-outcome="ko">
<redirect view-id="/error.xhtml">
<message severity="ERROR">Invalid Authentication Key</message>
</redirect>
</rule>
<rule if-outcome="ok">
<redirect view-id="/home.xhtml">
<message severity="INFO">Welcome!</message>
</redirect>
</rule>
</navigation>
</page>
现在要执行登录,您可以使用该页面,如下所示:
http://localhost:8080/yourapp/externalLogin.seam?accessKey=XXXXXXXX
如果您需要使用自定义 servlet(不太可能,但尽管如此),上述组件不会更改,只需从 servlet 中调用它,如下所示:
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
// Start Seam lifecycle
LifeCycle.beginCall();
// Get an instance of the authenticator component from Seam
MyAuthenticator auth = Component.getInstance("myAuthenticator");
// Set access key in component and perform auth
auth.setAccessKey(req.getParameter("accessKey"));
String result = auth.doAuth();
// End Seam lifecycle, no more component calls are needed.
LifeCycle.endCall();
// Do something here with the result
if ("ok".equals(result)) {
resp.sendRedirect(...);
}
}