我有一个基于 GateIn 门户的应用程序,我在其中提交一个离线表单(一个 HTML 表单,使用 javascript 提交)。
我正在将我的表单提交到Servlet
. Servlet
检查用户是否登录。如果用户未登录,则将用户重定向到登录页面,解析表单数据并将其保存在会话中并显示登录页面。从登录页面用户输入凭据并提交。在登录 portlet 中,保存的会话数据不可用
同样的事情也在 Mozilla 中工作。
Servlet
从哪里重定向到登录页面:
protected void doPost(HttpServletRequest aoRequest, HttpServletResponse aoResponse) throws ServletException, IOException
{
MOLOGWRAPPER.info("SPEFormServiceServlet doPost start");
Map<String, Object> loHMForm = null;
String lsIsOffline = null;
String lsServiceName = null;
String lsApplicantId = null;
lsIsOffline = (String) aoRequest.getParameter("Offline");
String lsTimeStamp = null;
long loTimeStamp;
String lsContentPath = this.getServletConfig().getServletContext().getRealPath("");
if (null != aoRequest.getParameter("formAction") && "fromLogin".equalsIgnoreCase(aoRequest.getParameter("formAction")))
{
loHMForm = (Map<String, Object>) aoRequest.getSession().getAttribute("OfflineData");
}
//MOLOGWRAPPER.info("LoHM after login in servlet "+loHMForm);
String msUserId = null;
if (null != aoRequest.getUserPrincipal())
msUserId = aoRequest.getUserPrincipal().getName();
HttpSession moSession = aoRequest.getSession();
try
{
if (null != aoRequest.getParameter("serviceName"))
{
lsServiceName = aoRequest.getParameter("serviceName").trim();
}
lsApplicantId = aoRequest.getParameter("applicantId");
// Getting unique time stamp for per user per service
if (null != aoRequest.getParameter("timestamp"))
{
lsTimeStamp = aoRequest.getParameter("timestamp").trim();
loTimeStamp = Long.parseLong(aoRequest.getParameter("timestamp"));
} else
{
loTimeStamp = (new Date()).getTime();
lsTimeStamp = String.valueOf(loTimeStamp);
aoRequest.setAttribute("TMAttachment", lsTimeStamp);
}
if (null != lsIsOffline && lsIsOffline.equals("Y"))
{
if (null == msUserId)
{
try
{
MOLOGWRAPPER.info("SPEFormServiceServlet in logout block msUserId:" + msUserId);
MOLOGWRAPPER.info("SPEFormServiceServlet in logout block SessionID:" + aoRequest.getSession().getId());
aoRequest.logout();
} catch (ServletException e)
{
e.printStackTrace();
}
aoRequest.getSession().setAttribute("OfflineData", loHMForm);
aoRequest.setAttribute("OfflineData", loHMForm);
aoResponse.sendRedirect(aoRequest.getScheme() + "://" + aoRequest.getServerName() + ":" + aoRequest.getServerPort() + "/portal/portal/Login?offlineFlag=y&FromForm=y&sp_serviceName=" + lsServiceName);
return;
}
}
} catch (Exception e)
{
}
}
登录 Portlet:
doView
:
public void doView(RenderRequest aoRequest, RenderResponse aoResponse)
throws PortletException, IOException
{
RenderRequestImpl renderRequest = (RenderRequestImpl) aoRequest;
HttpServletRequestWrapper httpReq = renderRequest.getRealRequest();
String serviceName = httpReq.getParameter("sp_serviceName");
aoRequest.setAttribute("sp_serviceName", serviceName);
String offlineFlag = httpReq.getParameter("offlineFlag");
aoRequest.setAttribute("sp_offlineFlag", offlineFlag);
String fromFrom = httpReq.getParameter("FromForm");
aoRequest.setAttribute("FromForm", fromFrom);
PortletSession moSession = aoRequest.getPortletSession();
if (null != httpReq.getParameter("FromForm") && "Y".equalsIgnoreCase(fromFrom))
{
moSession.setAttribute("OfflineData",
httpReq.getSession().getAttribute("OfflineData"),
PortletSession.APPLICATION_SCOPE);
}
lscsrfVal = RandomStringUtils.randomAlphanumeric(40);
moSession.setAttribute("csrfVal", lscsrfVal);
aoRequest.setAttribute("csrfVal", lscsrfVal);
logger.info("lscsrfVal :: " + lscsrfVal);
logger.info("moSession : Doview id :: " + moSession.getId());
}
processAction
:
public void processAction(ActionRequest aoRequest, ActionResponse aoResponse)
throws PortletException
{
PortletSession moSession = aoRequest.getPortletSession();
logger.info("moSession : Process Action id :: " + moSession.getId());
logger.info("csrfVal == " + moSession.getAttribute("csrfVal"));
HttpServletRequest req = Util.getPortalRequestContext().getRequest();
HttpSession moHttpSession = req.getSession();
moHttpSession.getAttribute("csrfVal");
logger.info("moHttpSession : Process Action id :: " + moHttpSession.getId());
logger.info("moHttpSession : Process Action OfflineData ::"
+ moHttpSession.getAttribute("OfflineData"));
if (null != moSession.getAttribute("csrfVal")
&& null != aoRequest.getParameter("sp_csrf")
&& aoRequest.getParameter("sp_csrf").equals(moSession.getAttribute("csrfVal")))
{
logger.info("request is valid");
moSession.removeAttribute("csrfVal");
} else
{
moSession.setAttribute("csrfValErr", "true");
logger.info("request is invalid :: Redirect to Login");
return;
}
}
日志:
15:37:41,387 INFO [com.abc.sp.action.SPEFormServiceServlet] (ajp-/127.0.0.1:8009-1) SPEFormServiceServlet in logout block msUserId:null
15:37:41,387 INFO [com.abc.sp.action.SPEFormServiceServlet] (ajp-/127.0.0.1:8009-1) SPEFormServiceServlet in logout block SessionID:k4dIpdc1Dqiadh4ZMCGTQaeN
15:37:44,418 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) SPUserActionPortlet : doView : start
15:37:45,287 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) lscsrfVal :: PLlmfohMhtPBkO2Qt7HAQAMQsdaAg5qsEWCII8aP
15:37:45,287 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moSession : Doview id :: NC9VLsKmqKPuev2AA304RMTU
15:37:45,287 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) SPUserActionPortlet : doView : end
15:38:07,471 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) SPUserActionPortlet : processAction : Start
15:38:07,491 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moSession : Process Action id :: o8t09QtNv7-fpR0hcP7uXs1g
15:38:07,491 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) csrfVal == null
15:38:07,491 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moHttpSession : Process Action id :: o8t09QtNv7-fpR0hcP7uXs1g
15:38:07,491 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moHttpSession : Process Action OfflineData :: null
15:38:07,491 INFO [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) request is invalid :: Redirect to Login
编辑
带有 HttpServletRequest 的 doView 方法 httpReq=Util.getPortalRequestContext().getRequest();
public void doView(RenderRequest aoRequest, RenderResponse aoResponse)
throws PortletException, IOException {
HttpServletRequest httpReq=Util.getPortalRequestContext().getRequest();
HttpSession moHttpSession =httpReq.getSession();
String serviceName=httpReq.getParameter("sp_serviceName");
aoRequest.setAttribute("sp_serviceName", serviceName);
String offlineFlag=httpReq.getParameter("offlineFlag");
aoRequest.setAttribute("sp_offlineFlag", offlineFlag);
String fromFrom=httpReq.getParameter("FromForm");
aoRequest.setAttribute("FromForm", fromFrom);
PortletSession moSession = aoRequest.getPortletSession();
if(null!=httpReq.getParameter("FromForm") && "Y".equalsIgnoreCase(fromFrom)){
moSession.setAttribute("OfflineData", httpReq.getSession().getAttribute("OfflineData"), PortletSession.APPLICATION_SCOPE);
}
lscsrfVal = RandomStringUtils.randomAlphanumeric(40);
moSession.setAttribute("csrfVal",lscsrfVal);
aoRequest.setAttribute("csrfVal",lscsrfVal);
MOLOGWRAPPER.info("lscsrfVal :: "+lscsrfVal);
MOLOGWRAPPER.info("moSession : Doview id :: "+moSession.getId());
}
日志:在doView中:
11:56:05,636 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) SPUserActionPortlet : doView : start
11:56:05,637 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) lscsrfVal :: TsUGvRcevcuSeo4a7daqhl2bjU6lJf9Cg6MNLgYn
11:56:05,637 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) moSession : Doview id :: 7jxf2nzyatjdxYgoMYYGHKyj
11:56:05,637 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) SPUserActionPortlet : doView : end
日志:在 processAction:
11:56:37,526 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) moSession : Process Action id :: -r96FXye5MlDW+xsEjUgKbzV
11:56:37,527 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) csrfVal == null
11:56:37,527 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) moHttpSession : Process Action id :: -r96FXye5MlDW+xsEjUgKbzV
11:56:37,528 INFO [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) moHttpSession : Process Action OfflineData :: null