Embedded Jetty - 以编程方式添加基于表单的身份验证

时间:2012-12-07 19:16:21

标签: java ldap jetty forms-authentication

有没有办法以编程方式添加基于表单的身份验证,如下所示? 我正在使用自己的LdapLoginModule。最初我使用基本身份验证,它工作正常,但现在我想在登录页面上更多控制(如显示徽标等)

有没有好的样品?

我正在使用嵌入式jetty v8.1.7。我没有对嵌入式jetty使用任何web.xml。 jetty服务器以编程方式启动。

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Test JAAS Realm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

1 个答案:

答案 0 :(得分:11)

创建FormAuthenticator并在SecurityHandler上为ServletContextHandler设置此项。此代码创建一个包含2个servlet的普通服务器。第一个servlet以经过身份验证的用户名的hello messsage响应。第二个servlet实现了一个简单的登录表单。

您应该可以将代码粘贴到main[]并运行(您需要在类路径中使用以下jar; jetty-serverjetty-servletjetty-security)。要进行测试,请将浏览器指向http://localhost:8080,在看到hello username的响应之前,系统会提示您输入凭据(用户名/密码)。

Server server = new Server(8080);
ServletContextHandler context = new ServletContextHandler(server, "/", ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY);

context.addServlet(new ServletHolder(new DefaultServlet() {
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.getWriter().append("hello " + request.getUserPrincipal().getName());
  }
}), "/*");

context.addServlet(new ServletHolder(new DefaultServlet() {
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.getWriter().append("<html><form method='POST' action='/j_security_check'>"
      + "<input type='text' name='j_username'/>"
      + "<input type='password' name='j_password'/>"
      + "<input type='submit' value='Login'/></form></html>");
    }
}), "/login");

Constraint constraint = new Constraint();
constraint.setName(Constraint.__FORM_AUTH);
constraint.setRoles(new String[]{"user","admin","moderator"});
constraint.setAuthenticate(true);

ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setConstraint(constraint);
constraintMapping.setPathSpec("/*");

ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.addConstraintMapping(constraintMapping);
HashLoginService loginService = new HashLoginService();
loginService.putUser("username", new Password("password"), new String[] {"user"});
securityHandler.setLoginService(loginService);

FormAuthenticator authenticator = new FormAuthenticator("/login", "/login", false);
securityHandler.setAuthenticator(authenticator);

context.setSecurityHandler(securityHandler);

server.start();
server.join();