我知道这不是本来的样子,而且完全错误,但命令就是命令,我需要执行以下操作: 用户使用参数上的 accesskey 访问 servlet,如下所示:
http://myhost/my_app/servlet?accesskey=XXXXX
然后 servlet 获取 key 并用它对用户进行身份验证,这可能吗?到目前为止我还没能做到
最佳答案
从您的问题来看,不清楚您是否需要创建自定义 servlet,或者您只需要根据请求参数进行登录。主要区别是自定义 servlet 不会被 Seam 拦截,并且除非您手动启动 Seam 生命周期,否则您无法使用组件(正如 Trind 所指出的,您需要使用 LifeCycle.beginCall()
和 LifeCycle.endCall()
以便在从外部SeamFilter
调用时能够使用Seam组件。除此之外,这两种解决方案的工作原理类似。
创建一个将处理身份验证的组件:
@Name("myAuthenticator")
public class MyAuthenticator implements Serializable {
// Seam's identity component
@In private transient Identity identity;
// When logged in, the user needs to have some roles, usually
// you assign these dynamically based on user name, type, etc., here
// I just initialize it to a fixed list of roles
ArrayList<String> roles = new ArrayList<String>(Arrays.toList(
new String[] { "base", "admin" }));
// Access key (getters and setters omitted but are necessary)
private String accessKey;
public String doAuth() {
// Check accessKey validity (against an SSO service or
// in your DB or whatever), here we do a trivial check.
boolean userCanAccess = "ADMINKEY".equals(accessKey);
if (userCanAccess) {
identity.acceptExternallyAuthenticatedPrincipal(
new SimplePrincipal("username"));
// Assign user roles
for (String role : roles) {
identity.addRole(role);
}
return "ok";
}
return "ko";
}
}
现在创建一个登录页面描述符,它将通过参数处理登录(例如externalLogin.page.xml
,您不需要为以下内容创建.xhtml
页面)这个):
<page>
<!-- this sets the accessKey variable with the query parameter -->
<param name="accessKey" value="#{myAuthenticator.accessKey}" />
<!-- this invokes our authentication action -->
<action execute="#{myAuthenticator.doAuth}" />
<!-- navigation rules, these determine what to do if auth is ok or fails -->
<navigation from-action="#{myAuthenticator.doAuth}">
<rule if-outcome="ko">
<redirect view-id="/error.xhtml">
<message severity="ERROR">Invalid Authentication Key</message>
</redirect>
</rule>
<rule if-outcome="ok">
<redirect view-id="/home.xhtml">
<message severity="INFO">Welcome!</message>
</redirect>
</rule>
</navigation>
</page>
现在要执行登录,您可以使用该页面,如下所示:
http://localhost:8080/yourapp/externalLogin.seam?accessKey=XXXXXXXX
如果您需要使用自定义 servlet(不太可能,但尽管如此),上面的组件不会改变,只需从 servlet 中调用它,如下所示:
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
// Start Seam lifecycle
LifeCycle.beginCall();
// Get an instance of the authenticator component from Seam
MyAuthenticator auth = Component.getInstance("myAuthenticator");
// Set access key in component and perform auth
auth.setAccessKey(req.getParameter("accessKey"));
String result = auth.doAuth();
// End Seam lifecycle, no more component calls are needed.
LifeCycle.endCall();
// Do something here with the result
if ("ok".equals(result)) {
resp.sendRedirect(...);
}
}
关于java - 如何通过Servlet进行seam-authentication,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12252765/