我知道这不是它的意思,而且完全错了,但订单是订单,我需要做以下事情: 用户使用参数上的accesskey访问servlet,如下所示:
http://myhost/my_app/servlet?accesskey=XXXXX
然后,servlet获取密钥并使用它在接缝上验证用户,是否可能?到目前为止,我无法做到这一点
答案 0 :(得分:1)
servlet中的这段代码应该可以让你访问你的接缝组件。
Lifecycle.beginCall();
Authenticator authenticator = (Authenticator)Component.getInstance("authenticator");
LifeCycle.endCall();
答案 1 :(得分:1)
根据您的问题,不清楚您是否需要创建自定义servlet,或者您只需要根据请求参数进行登录。主要区别在于Seam不拦截自定义servlet,除非您手动启动接缝生命周期,否则不能使用组件(如Trind所述,您需要使用LifeCycle.beginCall()
和LifeCycle.endCall()
才能从外部SeamFilter
调用时使用Seam组件。除此之外,这两种解决方案的工作方式相似。
创建一个将处理身份验证的组件:
@Name("myAuthenticator")
public class MyAuthenticator implements Serializable {
// Seam's identity component
@In private transient Identity identity;
// When logged in, the user needs to have some roles, usually
// you assign these dynamically based on user name, type, etc., here
// I just initialize it to a fixed list of roles
ArrayList<String> roles = new ArrayList<String>(Arrays.toList(
new String[] { "base", "admin" }));
// Access key (getters and setters omitted but are necessary)
private String accessKey;
public String doAuth() {
// Check accessKey validity (against an SSO service or
// in your DB or whatever), here we do a trivial check.
boolean userCanAccess = "ADMINKEY".equals(accessKey);
if (userCanAccess) {
identity.acceptExternallyAuthenticatedPrincipal(
new SimplePrincipal("username"));
// Assign user roles
for (String role : roles) {
identity.addRole(role);
}
return "ok";
}
return "ko";
}
}
现在创建一个登录页面描述符,它将通过参数处理登录(比如说externalLogin.page.xml
,你不需要为此创建一个.xhtml
页面):
<page>
<!-- this sets the accessKey variable with the query parameter -->
<param name="accessKey" value="#{myAuthenticator.accessKey}" />
<!-- this invokes our authentication action -->
<action execute="#{myAuthenticator.doAuth}" />
<!-- navigation rules, these determine what to do if auth is ok or fails -->
<navigation from-action="#{myAuthenticator.doAuth}">
<rule if-outcome="ko">
<redirect view-id="/error.xhtml">
<message severity="ERROR">Invalid Authentication Key</message>
</redirect>
</rule>
<rule if-outcome="ok">
<redirect view-id="/home.xhtml">
<message severity="INFO">Welcome!</message>
</redirect>
</rule>
</navigation>
</page>
现在要执行登录,您可以使用该页面,如下所示:
http://localhost:8080/yourapp/externalLogin.seam?accessKey=XXXXXXXX
如果你需要使用自定义servlet(非常不可能,但仍然如此),上面的组件不会改变,只需在servlet中调用它,如下所示:
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
// Start Seam lifecycle
LifeCycle.beginCall();
// Get an instance of the authenticator component from Seam
MyAuthenticator auth = Component.getInstance("myAuthenticator");
// Set access key in component and perform auth
auth.setAccessKey(req.getParameter("accessKey"));
String result = auth.doAuth();
// End Seam lifecycle, no more component calls are needed.
LifeCycle.endCall();
// Do something here with the result
if ("ok".equals(result)) {
resp.sendRedirect(...);
}
}