
过去几天我一直在尝试运行嵌入式 Jetty 服务器,但始终无法按我想要的方式配置安全处理程序(security handler)。

初始化代码是这样的:

// Embedded Jetty bootstrap: one servlet context at "/" with the SESSIONS and SECURITY options,
// a form-login security handler installed inside that context, six application servlets and
// a DefaultServlet mapped to "/".
// NOTE(review): the server is created from a port only and no TLS connector is configured in
// this snippet, so form-login credentials and the session cookie would presumably travel in
// clear text for any non-loopback client. Confirm how the port is exposed.
interfaceServer = new Server(configManager.getServerPort());
// Servlet context rooted at "/" (the security handler itself is built just below)
ServletContextHandler appContext = new ServletContextHandler(interfaceServer, "/", ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY);
// SECURITY HANDLER: constraint mappings, user store and authenticator come from the helper methods
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.setConstraintMappings(getConstraintMappings());
securityHandler.setLoginService(getLoginService());
securityHandler.setAuthenticator(getAuthenticator());
// Ask the handler to apply constraints to welcome-file handling as well
securityHandler.setCheckWelcomeFiles(true);
// Install the security handler inside the context
appContext.setSecurityHandler(securityHandler);
// Static content is served from webDir; "gui.tmpl" is the welcome file for directory requests
appContext.setResourceBase(webDir);
appContext.setWelcomeFiles(new String[] {"gui.tmpl"});
// Add servlets
// NOTE(review): getConstraintMappings() maps its constraint to "*.tmpl" only, so none of the
// servlet paths below (/sync, /exec, /conf, /feed, /proxy, /browse) match it. As written they
// appear to be reachable without logging in. Confirm that each one enforces its own access
// check, or add constraint mappings for them.
appContext.addServlet(new ServletHolder(new SyncServlet(systemOutBypass)), "/sync");
appContext.addServlet(new ServletHolder(new CommandServlet(configManager)), "/exec");
appContext.addServlet(new ServletHolder(new ConfigServlet(configManager)), "/conf");
appContext.addServlet(new ServletHolder(new FeedServlet(configManager)), "/feed");
appContext.addServlet(new ServletHolder(new ProxyServlet(configManager)), "/proxy");
appContext.addServlet(new ServletHolder(new BrowseServlet(configManager)), "/browse");
// Default mapping: serves whatever no other servlet claims (static files under webDir)
appContext.addServlet(DefaultServlet.class, "/");
// Apply to server: the context (with the security handler inside it) is the server's handler
interfaceServer.setHandler(appContext);
interfaceServer.start();

辅助功能:

/**
 * Builds the one constraint mapping handed to the security handler.
 *
 * <p>The constraint requires authentication and lists the roles "user" and "admin". It is
 * attached to the path spec "*.tmpl" and to nothing else.
 *
 * <p>NOTE(review): a suffix spec like "*.tmpl" leaves every other path without a constraint,
 * including any servlet mapped to a fixed path. Static assets stay public, which is the
 * intent, but dynamic endpoints that must be protected need their own mappings.
 *
 * @return a single-element array containing the "*.tmpl" mapping
 */
private static ConstraintMapping[] getConstraintMappings() {
    // Constraint: authenticated users holding one of the listed roles
    final Constraint loginRequired = new Constraint();
    loginRequired.setName(Constraint.__FORM_AUTH);
    loginRequired.setRoles(new String[] {"user", "admin"});
    loginRequired.setAuthenticate(true);

    // Mapping: bind the constraint to template files only
    final ConstraintMapping templateMapping = new ConstraintMapping();
    templateMapping.setPathSpec("*.tmpl");
    templateMapping.setConstraint(loginRequired);

    final ConstraintMapping[] mappings = {templateMapping};
    return mappings;
}

/**
 * Creates the in-memory login service holding the application's single account.
 *
 * <p>SECURITY: the account name and password are compiled in and are both "admin". Anyone
 * with the source or the binary knows the credential, and it cannot be rotated without a
 * rebuild. Load the user store from protected configuration and require a non-default
 * password before exposing the port.
 *
 * @return a login service with user "admin" in role "user"
 */
private static LoginService getLoginService() {
    final HashLoginService inMemoryUsers = new HashLoginService();
    // The account is granted "user" only, although the constraint also names "admin"
    final String[] grantedRoles = {"user"};
    inMemoryUsers.putUser("admin", new Password("admin"), grantedRoles);
    return inMemoryUsers;
}

/**
 * Creates the form-based authenticator.
 *
 * <p>"/login.tmpl" is used both as the login page and as the error page, and the dispatch
 * flag is off.
 *
 * <p>NOTE(review): form login posts the password in the request body, so it should only be
 * offered over a TLS connector.
 *
 * @return the form authenticator for "/login.tmpl"
 */
private static Authenticator getAuthenticator() {
    final String loginAndErrorPage = "/login.tmpl";
    final boolean dispatch = false;
    return new FormAuthenticator(loginAndErrorPage, loginAndErrorPage, dispatch);
}

这样配置可以工作,但只有当我输入 http://127.0.0.1:8083/gui.tmpl 时才会被重定向到登录页面;而访问 http://127.0.0.1:8083/ 时会显示 gui.tmpl 文件,但不会加载其他所有内容,也不会重定向我。如果我将 setPathSpec 的路径改为“/ ",安全性会应用于整个应用程序,但静态文件无法访问,因此登录表单没有样式(我被迫使用内联 CSS 来设置样式)。

想要的行为是仅应用于文件夹或文件集以及可访问的静态文件(如 css、图像等)的安全性。这可能吗?如果不是,唯一的解决方案是内联样式?请帮忙!

你可以在Bitbucket的实验分支上找到完整的项目(也可以查看 master 以防万一。)


1 回答 1


You need to chain the handlers in the proper order: set appContext as the handler of securityHandler, not the other way around.

// Embedded Jetty bootstrap with the security handler placed in front of the servlet context:
// the server hands requests to securityHandler, which forwards them to appContext.
// NOTE(review): the server is created from a port only and no TLS connector is configured in
// this snippet, so form-login credentials and the session cookie would presumably travel in
// clear text for any non-loopback client. Confirm how the port is exposed.
interfaceServer = new Server(configManager.getServerPort());
// Servlet context rooted at "/"
// NOTE(review): the context is still created with the SECURITY option while the configured
// security handler now sits outside it. Check that the context does not end up with a second,
// unconfigured security handler of its own.
ServletContextHandler appContext = new ServletContextHandler(interfaceServer, "/", ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY);
// SECURITY HANDLER: constraint mappings, user store and authenticator come from the helper methods
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.setConstraintMappings(getConstraintMappings());
securityHandler.setLoginService(getLoginService());
securityHandler.setAuthenticator(getAuthenticator());
// Ask the handler to apply constraints to welcome-file handling as well
securityHandler.setCheckWelcomeFiles(true);
// The security handler wraps the context, so constraints are evaluated before the context runs
// NOTE(review): form authentication keeps its state in the HTTP session, and the session
// handling enabled by SESSIONS lives inside appContext, i.e. after this handler. Verify that
// a session is available at the point where the authenticator runs.
securityHandler.setHandler(appContext);
// Static content is served from webDir; "gui.tmpl" is the welcome file for directory requests
appContext.setResourceBase(webDir);
appContext.setWelcomeFiles(new String[] {"gui.tmpl"});
// Add servlets
// NOTE(review): getConstraintMappings() maps its constraint to "*.tmpl" only, so none of the
// servlet paths below (/sync, /exec, /conf, /feed, /proxy, /browse) match it. Re-ordering the
// handlers does not change that. Confirm that each one enforces its own access check, or add
// constraint mappings for them.
appContext.addServlet(new ServletHolder(new SyncServlet(systemOutBypass)), "/sync");
appContext.addServlet(new ServletHolder(new CommandServlet(configManager)), "/exec");
appContext.addServlet(new ServletHolder(new ConfigServlet(configManager)), "/conf");
appContext.addServlet(new ServletHolder(new FeedServlet(configManager)), "/feed");
appContext.addServlet(new ServletHolder(new ProxyServlet(configManager)), "/proxy");
appContext.addServlet(new ServletHolder(new BrowseServlet(configManager)), "/browse");
// Default mapping: serves whatever no other servlet claims (static files under webDir)
appContext.addServlet(DefaultServlet.class, "/");
// Apply to server: the security handler, not the context, is the server's top-level handler
interfaceServer.setHandler(securityHandler);
interfaceServer.start();
于 2013-12-31T09:56:46.533 回答