如何通过Servlet进行seam-authenticate

时间:2012-09-03 18:49:49

标签: java seam jsf-1.2 jboss-4.2.x

我知道这不是它的意思,而且完全错了,但订单是订单,我需要做以下事情: 用户使用参数上的accesskey访问servlet,如下所示:

http://myhost/my_app/servlet?accesskey=XXXXX

然后,servlet获取密钥并使用它在接缝上验证用户,是否可能?到目前为止,我无法做到这一点

2 个答案:

答案 0 :(得分:1)

servlet中的这段代码应该可以让你访问你的接缝组件。

Lifecycle.beginCall();

Authenticator authenticator = (Authenticator)Component.getInstance("authenticator");

LifeCycle.endCall();

答案 1 :(得分:1)

根据您的问题,不清楚您是否需要创建自定义servlet,或者您只需要根据请求参数进行登录。主要区别在于Seam不拦截自定义servlet,除非您手动启动接缝生命周期,否则不能使用组件(如Trind所述,您需要使用LifeCycle.beginCall()LifeCycle.endCall()才能从外部SeamFilter调用时使用Seam组件。除此之外,这两种解决方案的工作方式相似。

创建一个将处理身份验证的组件:

@Name("myAuthenticator")
public class MyAuthenticator implements Serializable {

    // Seam's identity component
    @In private transient Identity identity;

    // When logged in, the user needs to have some roles, usually
    // you assign these dynamically based on user name, type, etc., here
    // I just initialize it to a fixed list of roles
    ArrayList<String> roles = new ArrayList<String>(Arrays.toList(
            new String[] { "base", "admin" }));

    // Access key (getters and setters omitted but are necessary)
    private String accessKey;

    public String doAuth() {
        // Check accessKey validity (against an SSO service or 
        // in your DB or whatever), here we do a trivial check.
        boolean userCanAccess = "ADMINKEY".equals(accessKey);

        if (userCanAccess) {
            identity.acceptExternallyAuthenticatedPrincipal(
                    new SimplePrincipal("username"));

            // Assign user roles
            for (String role : roles) {
                identity.addRole(role);
            }
            return "ok";
        }
        return "ko";
    }
}

现在创建一个登录页面描述符,它将通过参数处理登录(比如说externalLogin.page.xml,你不需要为此创建一个.xhtml页面):

<page>
    <!-- this sets the accessKey variable with the query parameter -->
    <param name="accessKey" value="#{myAuthenticator.accessKey}" />

    <!-- this invokes our authentication action -->
    <action execute="#{myAuthenticator.doAuth}" />

    <!-- navigation rules, these determine what to do if auth is ok or fails -->
    <navigation from-action="#{myAuthenticator.doAuth}">
        <rule if-outcome="ko">
            <redirect view-id="/error.xhtml">
                <message severity="ERROR">Invalid Authentication Key</message>
            </redirect>
        </rule>
        <rule if-outcome="ok">
            <redirect view-id="/home.xhtml">
                <message severity="INFO">Welcome!</message>
            </redirect>
        </rule>
    </navigation>
</page>

现在要执行登录,您可以使用该页面,如下所示:

http://localhost:8080/yourapp/externalLogin.seam?accessKey=XXXXXXXX

如果你需要使用自定义servlet(非常不可能,但仍然如此),上面的组件不会改变,只需在servlet中调用它,如下所示:

public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    // Start Seam lifecycle
    LifeCycle.beginCall();
    // Get an instance of the authenticator component from Seam
    MyAuthenticator auth = Component.getInstance("myAuthenticator");
    // Set access key in component and perform auth
    auth.setAccessKey(req.getParameter("accessKey"));
    String result = auth.doAuth();
    // End Seam lifecycle, no more component calls are needed.
    LifeCycle.endCall();

    // Do something here with the result
    if ("ok".equals(result)) {
        resp.sendRedirect(...);
    }
}