0

我使用基于 Liferay 的网站并尝试实现一个登录挂钩,以防止用户在某些条件下登录。我想让它尽可能简单,例如:

    @Override
    public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
    {
        if (condition)
        {
            //redirect to login page, send a message back but just don't let the user login
            //but don't block or ban him either.
        }
    }

它必须看起来像一个错误的密码错误,但它必须在门​​户端,在用户甚至登录之前(因此 PreLoginAction 类)

编辑:好的,我使用注销和重定向方法返回登录页面。但我仍然想生成一条错误消息。我试过这样

    @Override
    public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
    {
        if (condition)
        {
            SessionErrors.add(request, "error");
            response.sendRedirect("/c/portal/logout");
        }
    }

对于 login.jsp,我添加了第一行,但我猜它对于登录操作的工作方式不一样。没有错误信息显示

<liferay-ui:error key="error" message="this-account-has-been-locked" />
<liferay-ui:error exception="<%= AuthException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= CompanyMaxUsersException.class %>" message="unable-to-login-because-the-maximum-number-of-users-has-been-reached" />
<liferay-ui:error exception="<%= CookieNotSupportedException.class %>" message="authentication-failed-please-enable-browser-cookies" />
<liferay-ui:error exception="<%= NoSuchUserException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= PasswordExpiredException.class %>" message="your-password-has-expired" />
<liferay-ui:error exception="<%= UserEmailAddressException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserLockoutException.class %>" message="this-account-has-been-locked" />
<liferay-ui:error exception="<%= UserPasswordException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserScreenNameException.class %>" message="authentication-failed" />

还有其他方法吗?我也试过这条线

request.getSession().setAttribute("loginError", "failure message");

并试图${loginError}在jsp中阅读,但它也不起作用。

4

2 回答 2

1

您可以简单地将用户重定向到response.redirect("/c/portal/logout")实际注销用户并将他重定向到主页的用户。

如果您想自己以编程方式注销用户然后重定向,您可以使用以下代码:

    @Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {

    if (condition) {

        // Whatever here ...

        // Logout the user.
        request.getSession().invalidate();

        // Redirect
        response.redirect(<YOUR_PAGE>)
    }
}
于 2016-07-11T08:38:25.363 回答
0

您可以使用身份验证管道,您可以制作一个检查条件的身份验证器

public class CustomAuth implements Authenticator {
    @Override
    public int authenticateByEmailAddress(long companyId, String emailAddress, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
        return 0;
    }

    @Override
    public int authenticateByScreenName(long companyId, String screenName, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
        return 0;
    }

    @Override
    public int authenticateByUserId(long companyId, long userId, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
        return 0;
    }
}

将您的身份验证器添加到 portal.properties 中的管道

auth.pipeline.pre=package.CustomAuth

或者

auth.pipeline.post=package.CustomAuth

或者您可以使用身份验证验证器

public class CustomVerifier implements AuthVerifier{
    @Override
    public String getAuthType() {
        return null;
    }

    @Override
    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        return null;
    }
}

并将其配置到portal.properties中的管道

auth.verifier.pipeline=

在您的情况下,也许最好的选择是AuthVerifier

于 2016-07-11T08:52:49.010 回答