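I am working on the security architecture of a project that uses JAX-RS with embedded Tomcat. I have secured the server side, and whenever an unauthorized user tries to access a specific JSP page I need to redirect to the login page. The problem is that the REST service and the JSP create different sessions, so the required session object returns null in the JSP.

Code example:

VisorSecurity class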

    // Session-scoped holder for the authenticated user's name, role and auth flag
    public class VisorSecurity
    {
        private String userName;
        private String role;
        private boolean isAuth;

        public VisorSecurity() {
        }

        public String getUserName()
        {
            return userName;
        }

        public void setUserName(String userName)
        {
            this.userName = userName;
        }

        public String getRole()
        {
            return role;
        }

        public void setRole(String role)
        {
            this.role = role;
        }

        public boolean isIsAuth()
        {
            return isAuth;
        }

        public void setIsAuth(boolean isAuth)
        {
            this.isAuth = isAuth;
        }
    }

REST function

    @GET
    @Path("/select/")
    public String selectServer(@Context HttpServletRequest req)
    {
        // getSession(true) creates a new session when the request carries none
        HttpSession session = req.getSession(true);
        VisorSecurity security = isAuthorized(session);
        if (security.isIsAuth()) {
            StringBuilder serverList = new StringBuilder();
            List<Server> servers = Ebean.find(Server.class).findList();
            serverList.append("<ul class=\"nav nav-pills nav-stacked\">");
            for (Server server : servers) {
                // server.getName() is concatenated into the markup without HTML encoding
                String this_link = "<li role=\"presentation\"><a href=\"/View/serverControl.jsp?server=" + server.getName() + "\">" + server.getName() + " Control</a></li>";
                serverList.append(this_link);
            }
            serverList.append("</ul>");
            System.out.println(serverList.toString());
            return serverList.toString();
        }
        else {
            return "unauthorized";
        }
    }

Authorization.class

    public VisorSecurity isAuthorized(HttpSession session)
    {
        VisorSecurity security;
        try {
            // Returns null when no "security" attribute is stored in this session;
            // the NullPointerException raised below is then handled by the catch block
            security = (VisorSecurity)session.getAttribute("security");
            System.out.println("Into Login: " + session.getId());
            _logger.info("User: \n");
            _logger.info(security.getUserName() + "\n");
            _logger.info(security.getRole());
        }
        catch (Exception e) {
            // Fall back to an unauthenticated placeholder user
            security = new VisorSecurity();
            security.setUserName("none");
            security.setRole("unauthorized");
            _logger.info("User: \n");
            _logger.info(security.getUserName() + "\n");
            _logger.info(security.getRole());
            security.setIsAuth(false);
        }
        return security;
    }

navigator jsp

    <% //Want to retrieve the session
    session.getAttribute("security"); %>

I tried all the suggestions from related posts, but the JSP always creates a new session.