基于Glassfish表格的认证

Question

我正在关注http://docs.oracle.com/cd/E19798-01/821-1841/bncby/index.html链接以了解基于表单的身份验证。我已经完成了执行基于表单的身份验证所需的操作，但在检查角色时我总是采用false。这是我的配置。我错过了什么？

AutBean.java

public void login(){
        HttpServletRequest request = getHttpServletRequest();
        boolean intutRole=request.isUserInRole("TutorialUser");
        System.out.println("intutRole:"+intutRole);
        System.out.println(request.getContentLength());
    }

    protected HttpServletRequest getHttpServletRequest(){
        FacesContext fc = getFacesContext();
        ExternalContext ec = fc.getExternalContext();
        HttpServletRequest request = (HttpServletRequest)ec.getRequest();
        return request;
    }

    protected FacesContext getFacesContext(){
        FacesContext fc = FacesContext.getCurrentInstance();
        return fc;
    }

的的web.xml

  <!-- Form Based Authentication -->
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>wrcoll</web-resource-name>
            <description/>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>TutorialUser</role-name>
        </auth-constraint>
    </security-constraint>


    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>file</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/error.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description/>
        <role-name>TutorialUser</role-name>
    </security-role>

Answer 1

添加调用request.login（用户名，密码）后，它可以正常工作。

public void login() {
    HttpServletRequest request = getHttpServletRequest();
    try {
        request.login(username, password);          
    } catch (ServletException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    boolean intutRole = request.isUserInRole("TutorialUser");
    System.out.println("intutRole:" + intutRole);
    System.out.println(request.getContentLength());
}

确保您使用的是Servlet 3.0。 HttpServletRequest没有登录方法，以前的Servlet版本。因此，您必须将以下依赖项添加到pom.xml

<dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.0.1</version>
        <scope>provided</scope>
</dependency>