1

我有一个基于 GateIn 门户的应用程序,我在其中提交一个离线表单(一个 HTML 表单,使用 javascript 提交)。

我正在将我的表单提交到Servlet. Servlet检查用户是否登录。如果用户未登录,则将用户重定向到登录页面,解析表单数据并将其保存在会话中并显示登录页面。从登录页面用户输入凭据并提交。在登录 portlet 中,保存的会话数据不可用

同样的事情也在 Mozilla 中工作。

Servlet从哪里重定向到登录页面:

protected void doPost(HttpServletRequest aoRequest, HttpServletResponse aoResponse) throws ServletException, IOException
{
  MOLOGWRAPPER.info("SPEFormServiceServlet doPost start");
  Map<String, Object> loHMForm = null;
  String lsIsOffline = null;
  String lsServiceName = null;
  String lsApplicantId = null;
  lsIsOffline = (String) aoRequest.getParameter("Offline");
  String lsTimeStamp = null;
  long loTimeStamp;
  String lsContentPath = this.getServletConfig().getServletContext().getRealPath("");
  if (null != aoRequest.getParameter("formAction") && "fromLogin".equalsIgnoreCase(aoRequest.getParameter("formAction")))
  {
    loHMForm = (Map<String, Object>) aoRequest.getSession().getAttribute("OfflineData");
  }
  //MOLOGWRAPPER.info("LoHM after login in servlet "+loHMForm);
  String msUserId = null;
  if (null != aoRequest.getUserPrincipal())
    msUserId = aoRequest.getUserPrincipal().getName();
  HttpSession moSession = aoRequest.getSession();
  try
  {
    if (null != aoRequest.getParameter("serviceName"))
    {
      lsServiceName = aoRequest.getParameter("serviceName").trim();
    }
    lsApplicantId = aoRequest.getParameter("applicantId");
    // Getting unique time stamp for per user per service
    if (null != aoRequest.getParameter("timestamp"))
    {
      lsTimeStamp = aoRequest.getParameter("timestamp").trim();
      loTimeStamp = Long.parseLong(aoRequest.getParameter("timestamp"));
    } else
    {
      loTimeStamp = (new Date()).getTime();
      lsTimeStamp = String.valueOf(loTimeStamp);
      aoRequest.setAttribute("TMAttachment", lsTimeStamp);
    }
    if (null != lsIsOffline && lsIsOffline.equals("Y"))
    {
      if (null == msUserId)
      {
        try
        {
          MOLOGWRAPPER.info("SPEFormServiceServlet in logout block msUserId:" + msUserId);
          MOLOGWRAPPER.info("SPEFormServiceServlet in logout block SessionID:" + aoRequest.getSession().getId());
          aoRequest.logout();
        } catch (ServletException e)
        {
          e.printStackTrace();
        }
        aoRequest.getSession().setAttribute("OfflineData", loHMForm);
        aoRequest.setAttribute("OfflineData", loHMForm);
        aoResponse.sendRedirect(aoRequest.getScheme() + "://" + aoRequest.getServerName() + ":" + aoRequest.getServerPort() + "/portal/portal/Login?offlineFlag=y&FromForm=y&sp_serviceName=" + lsServiceName);
        return;
      }
    }
  } catch (Exception e)
  {

  }
}

登录 Portlet:

  • doView
public void doView(RenderRequest aoRequest, RenderResponse aoResponse)
    throws PortletException, IOException
{

  RenderRequestImpl renderRequest = (RenderRequestImpl) aoRequest;
  HttpServletRequestWrapper httpReq = renderRequest.getRealRequest();
  String serviceName = httpReq.getParameter("sp_serviceName");
  aoRequest.setAttribute("sp_serviceName", serviceName);
  String offlineFlag = httpReq.getParameter("offlineFlag");
  aoRequest.setAttribute("sp_offlineFlag", offlineFlag);
  String fromFrom = httpReq.getParameter("FromForm");
  aoRequest.setAttribute("FromForm", fromFrom);

  PortletSession moSession = aoRequest.getPortletSession();

  if (null != httpReq.getParameter("FromForm") && "Y".equalsIgnoreCase(fromFrom))
  {
    moSession.setAttribute("OfflineData",
        httpReq.getSession().getAttribute("OfflineData"),
        PortletSession.APPLICATION_SCOPE);
  }

  lscsrfVal = RandomStringUtils.randomAlphanumeric(40);
  moSession.setAttribute("csrfVal", lscsrfVal);
  aoRequest.setAttribute("csrfVal", lscsrfVal);
  logger.info("lscsrfVal :: " + lscsrfVal);
  logger.info("moSession : Doview id :: " + moSession.getId());
}
  • processAction
public void processAction(ActionRequest aoRequest, ActionResponse aoResponse)
    throws PortletException
{

  PortletSession moSession = aoRequest.getPortletSession();
  logger.info("moSession : Process Action id :: " + moSession.getId());
  logger.info("csrfVal == " + moSession.getAttribute("csrfVal"));
  HttpServletRequest req = Util.getPortalRequestContext().getRequest();
  HttpSession moHttpSession = req.getSession();
  moHttpSession.getAttribute("csrfVal");
  logger.info("moHttpSession : Process Action id :: " + moHttpSession.getId());
  logger.info("moHttpSession : Process Action OfflineData ::"
      + moHttpSession.getAttribute("OfflineData"));

  if (null != moSession.getAttribute("csrfVal")
      && null != aoRequest.getParameter("sp_csrf")
      && aoRequest.getParameter("sp_csrf").equals(moSession.getAttribute("csrfVal")))
  {
    logger.info("request is valid");
    moSession.removeAttribute("csrfVal");
  } else
  {
    moSession.setAttribute("csrfValErr", "true");
    logger.info("request is invalid :: Redirect to Login");
    return;
  }
}

日志:

15:37:41,387 INFO  [com.abc.sp.action.SPEFormServiceServlet] (ajp-/127.0.0.1:8009-1) SPEFormServiceServlet in logout block msUserId:null
15:37:41,387 INFO  [com.abc.sp.action.SPEFormServiceServlet] (ajp-/127.0.0.1:8009-1) SPEFormServiceServlet in logout block SessionID:k4dIpdc1Dqiadh4ZMCGTQaeN

15:37:44,418 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) SPUserActionPortlet : doView : start
15:37:45,287 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) lscsrfVal :: PLlmfohMhtPBkO2Qt7HAQAMQsdaAg5qsEWCII8aP
15:37:45,287 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moSession : Doview id :: NC9VLsKmqKPuev2AA304RMTU
15:37:45,287 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) SPUserActionPortlet : doView : end

15:38:07,471 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) SPUserActionPortlet : processAction : Start
15:38:07,491 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moSession : Process Action id :: o8t09QtNv7-fpR0hcP7uXs1g
15:38:07,491 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) csrfVal == null
15:38:07,491 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moHttpSession : Process Action id :: o8t09QtNv7-fpR0hcP7uXs1g
15:38:07,491 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) moHttpSession : Process Action OfflineData :: null
15:38:07,491 INFO  [com.abc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-1) request is invalid :: Redirect to Login                

编辑

带有 HttpServletRequest 的 doView 方法 httpReq=Util.getPortalRequestContext().getRequest();

public void doView(RenderRequest aoRequest, RenderResponse aoResponse)
            throws PortletException, IOException {
        HttpServletRequest httpReq=Util.getPortalRequestContext().getRequest();
        HttpSession moHttpSession =httpReq.getSession();
        String serviceName=httpReq.getParameter("sp_serviceName");
        aoRequest.setAttribute("sp_serviceName", serviceName);
        String offlineFlag=httpReq.getParameter("offlineFlag");
        aoRequest.setAttribute("sp_offlineFlag", offlineFlag);
        String fromFrom=httpReq.getParameter("FromForm");
        aoRequest.setAttribute("FromForm", fromFrom);
        PortletSession moSession = aoRequest.getPortletSession();
        if(null!=httpReq.getParameter("FromForm") && "Y".equalsIgnoreCase(fromFrom)){
            moSession.setAttribute("OfflineData", httpReq.getSession().getAttribute("OfflineData"), PortletSession.APPLICATION_SCOPE);
        }

        lscsrfVal =  RandomStringUtils.randomAlphanumeric(40);
        moSession.setAttribute("csrfVal",lscsrfVal);
        aoRequest.setAttribute("csrfVal",lscsrfVal);
        MOLOGWRAPPER.info("lscsrfVal :: "+lscsrfVal);
        MOLOGWRAPPER.info("moSession : Doview id :: "+moSession.getId());

    }

日志:在doView中:

11:56:05,636 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) SPUserActionPortlet : doView : start
11:56:05,637 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) lscsrfVal :: TsUGvRcevcuSeo4a7daqhl2bjU6lJf9Cg6MNLgYn
11:56:05,637 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) moSession : Doview id :: 7jxf2nzyatjdxYgoMYYGHKyj
11:56:05,637 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-2) SPUserActionPortlet : doView : end

日志:在 processAction:

11:56:37,526 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) moSession : Process Action id :: -r96FXye5MlDW+xsEjUgKbzV
11:56:37,527 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) csrfVal == null
11:56:37,527 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) moHttpSession : Process Action id :: -r96FXye5MlDW+xsEjUgKbzV
11:56:37,528 INFO  [com.acc.sp.action.SPUserActionPortlet] (ajp-/127.0.0.1:8009-5) moHttpSession : Process Action OfflineData :: null
4

1 回答 1

0

Portlet 规范(JSR-168 和 JSR-286)规定了 Portlet 的生命周期,它的流程如下:

初始化 -> processAction -> 渲染 -> 销毁

doView方法在门户容器触发渲染进程并且门户处于查看模式时执行。因此,该方法在该方法之后调用processAction。因此,请尝试反转轮子并将会话属性设置在processAction方法中而不是方法中doView

于 2014-08-27T12:31:48.443 回答