1

我知道这不是它的本意,而且完全错误,但是命令就是命令,我需要执行以下操作:用户使用参数上的 accesskey 访问 servlet,如下所示:

http://myhost/my_app/servlet?accesskey=XXXXX

然后 servlet 获取密钥并使用它在 seam 上对用户进行身份验证,这可能吗?到目前为止我无法做到

4

2 回答 2

1

您的 servlet 中的此代码应该使您能够访问您的接缝组件。

Lifecycle.beginCall();

Authenticator authenticator = (Authenticator)Component.getInstance("authenticator");

LifeCycle.endCall();
于 2012-09-03T20:43:01.700 回答
1

从您的问题中不清楚您是否需要创建自定义 servlet 或者您只需要根据请求参数进行登录。主要区别在于自定义 servlet 不会被 Seam 拦截,除非您手动启动 Seam 生命周期,否则您无法使用组件(正如 Trind 所指出的,当从外部调用时,您需要使用LifeCycle.beginCall()并且LifeCycle.endCall()能够使用 Seam 组件SeamFilter)。除此之外,这两种解决方案的工作方式相似。

创建一个将处理身份验证的组件:

@Name("myAuthenticator")
public class MyAuthenticator implements Serializable {

    // Seam's identity component
    @In private transient Identity identity;

    // When logged in, the user needs to have some roles, usually
    // you assign these dynamically based on user name, type, etc., here
    // I just initialize it to a fixed list of roles
    ArrayList<String> roles = new ArrayList<String>(Arrays.toList(
            new String[] { "base", "admin" }));

    // Access key (getters and setters omitted but are necessary)
    private String accessKey;

    public String doAuth() {
        // Check accessKey validity (against an SSO service or 
        // in your DB or whatever), here we do a trivial check.
        boolean userCanAccess = "ADMINKEY".equals(accessKey);

        if (userCanAccess) {
            identity.acceptExternallyAuthenticatedPrincipal(
                    new SimplePrincipal("username"));

            // Assign user roles
            for (String role : roles) {
                identity.addRole(role);
            }
            return "ok";
        }
        return "ko";
    }
}

现在创建一个登录页面描述符,它将通过参数处理登录(例如externalLogin.page.xml,您不需要为此创建.xhtml页面):

<page>
    <!-- this sets the accessKey variable with the query parameter -->
    <param name="accessKey" value="#{myAuthenticator.accessKey}" />

    <!-- this invokes our authentication action -->
    <action execute="#{myAuthenticator.doAuth}" />

    <!-- navigation rules, these determine what to do if auth is ok or fails -->
    <navigation from-action="#{myAuthenticator.doAuth}">
        <rule if-outcome="ko">
            <redirect view-id="/error.xhtml">
                <message severity="ERROR">Invalid Authentication Key</message>
            </redirect>
        </rule>
        <rule if-outcome="ok">
            <redirect view-id="/home.xhtml">
                <message severity="INFO">Welcome!</message>
            </redirect>
        </rule>
    </navigation>
</page>

现在要执行登录,您可以使用该页面,如下所示:

http://localhost:8080/yourapp/externalLogin.seam?accessKey=XXXXXXXX

如果您需要使用自定义 servlet(不太可能,但尽管如此),上述组件不会更改,只需从 servlet 中调用它,如下所示:

public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    // Start Seam lifecycle
    LifeCycle.beginCall();
    // Get an instance of the authenticator component from Seam
    MyAuthenticator auth = Component.getInstance("myAuthenticator");
    // Set access key in component and perform auth
    auth.setAccessKey(req.getParameter("accessKey"));
    String result = auth.doAuth();
    // End Seam lifecycle, no more component calls are needed.
    LifeCycle.endCall();

    // Do something here with the result
    if ("ok".equals(result)) {
        resp.sendRedirect(...);
    }
}
于 2012-09-10T15:21:42.930 回答