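ServletRequestListener - getting userprincipal returns null

Time: 2013-04-18 14:10:17

Tags: java-ee-6 embedded-jetty servlet-3.0 http-basic-authentication

I have a web application that is secured with HTTP Basic authentication. I also implemented a filter using the ServletRequestListener interface. Now, when the filter calls the requestInitialized method, the request's getUserPrincipal method returns null. But when I check the request headers, the Authorization header is set with the encrypted value. Here is the code: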

@Override
public void requestInitialized(ServletRequestEvent e) {

  HttpServletRequest request = (HttpServletRequest) e.getServletRequest();

  //p is null
  Principal p = request.getUserPrincipal();

  Enumeration<String> enH = request.getHeaders("Authorization");
  while (enH.hasMoreElements()) {
    String s = enH.nextElement();
    System.out.println(s);
    //prints. 
    //Basic c3RhY2tvdmVyZmxvdzpteXBhc3N3b3Jk
  }
}

Why isn't the userprincipal initialized?
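
The Authorization value printed in the question is the Basic scheme's Base64 encoding of user-id:password, which any party that can read the header can reverse. The following is an added example, not code from the question or the answers; the class name BasicHeaderDecoder, the UTF-8 charset and every sample header except the first are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Added illustration (hypothetical class name), not code from the original post.
public class BasicHeaderDecoder {

    // Returns {user, password}, or empty when the header is not a well-formed Basic credential.
    static Optional<String[]> decode(String header) {
        if (header == null) {
            return Optional.empty();
        }
        String[] parts = header.trim().split("\\s+", 2);
        // The scheme name is matched case-insensitively.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            return Optional.empty();
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException notBase64) {
            return Optional.empty();
        }
        // Assumption: credentials are UTF-8; the header itself does not say.
        String pair = new String(raw, StandardCharsets.UTF_8);
        // Only the first ':' separates user-id from password; the password may contain ':'.
        int colon = pair.indexOf(':');
        if (colon < 0) {
            return Optional.empty();
        }
        return Optional.of(new String[] { pair.substring(0, colon), pair.substring(colon + 1) });
    }

    public static void main(String[] args) {
        String[] samples = {
            "Basic c3RhY2tvdmVyZmxvdzpteXBhc3N3b3Jk", // value printed in the question
            "basic dXNlcjpwYTpzcw==",                 // constructed: password contains ':'
            "Bearer abc.def.ghi",                     // constructed: different scheme
            "Basic !!!not-base64!!!"                  // constructed: malformed payload
        };
        for (String h : samples) {
            // Report the password length only, so the demo does not echo the secret itself.
            String result = decode(h)
                .map(c -> "user=" + c[0] + ", password length=" + c[1].length())
                .orElse("not a valid Basic credential");
            System.out.println(h + " -> " + result);
        }
    }
}
```

Because the header is reversible, Basic authentication needs TLS on the wire, and request logging should redact the Authorization header.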

2 answers:

Answer 0: (score: 2)

You probably haven't set up the required security layer for embedded-jetty.

Here is an example found in the Jetty embedded examples source tree:

package org.eclipse.jetty.embedded;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.security.Constraint;

public class SecuredHelloHandler
{
    public static void main(String[] args) throws Exception
    {
        Server server = new Server(8080);

        LoginService loginService = new HashLoginService("MyRealm","src/test/resources/realm.properties");
        server.addBean(loginService); 

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        server.setHandler(security);

        Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate( true );
        constraint.setRoles(new String[]{"user", "admin"});

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec( "/*" );
        mapping.setConstraint( constraint );

        Set<String> knownRoles = new HashSet<String>();
        knownRoles.add("user");
        knownRoles.add("admin");

        security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
        security.setAuthenticator(new BasicAuthenticator());
        security.setLoginService(loginService);
        security.setStrict(false);

        // Your Handler (or Servlet) that should be secured
        HelloHandler hh = new HelloHandler();

        security.setHandler(hh);

        server.start();
        server.join();
    }
}

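Answer 1: (score: 1)

I solved it by using a Filter instead of a Listener.

import java.io.IOException;
import java.security.Principal;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

@WebFilter(urlPatterns = { "/*" })
public class RequestFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain fChain) throws IOException, ServletException {
        HttpServletRequest hReq = (HttpServletRequest) req;
        //p is not null anymore
        Principal p = hReq.getUserPrincipal();
        // Pass the request on to the rest of the filter chain
        fChain.doFilter(hReq, res);
    }

    @Override
    public void destroy() {
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }
}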