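I have just added authentication to my embedded Jetty web server. I am using JDBCLoginService, and everything works fine.

I now want to add a login page, and it no longer works: when the FormAuthenticator.validate method is called, it tries to get the HTTP session and does not find one.

I have been trying to create sessions, but I have not been able to find the right API. Could someone give an example?

Here is my code: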
```java
import java.io.File;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.WebAppContext;

// m_server is the org.eclipse.jetty.server.Server instance, created elsewhere

// the file server part
ResourceHandler resource_handler = new ResourceHandler();
resource_handler.setDirectoriesListed(false);
resource_handler.setResourceBase("www");
resource_handler.setWelcomeFiles(new String[]{ "html/dashboard.html" });

// the JSP part
WebAppContext webAppContext = new WebAppContext();
webAppContext.setResourceBase("www");
webAppContext.setInitParameter("dirAllowed", "false");
webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals");
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues");

HandlerList handlers = new HandlerList();
handlers.setHandlers(new Handler[] {
    // static files
    resource_handler,
    // servlets
    webAppContext,
    // 404
    new DefaultHandler()
});

// get the path for the authentication settings
// it should be in the same folder as the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile"));
File authConfigFile = new File(configFile.getParent(), "auth.properties");
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath());
m_server.addBean(loginService);

// require form authentication for every path
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
Constraint constraint = new Constraint();
constraint.setName(Constraint.__FORM_AUTH);
constraint.setAuthenticate(true);
constraint.setRoles(new String[] { "user", "admin" });
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);
security.addConstraintMapping(mapping);

FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html", false);
security.setAuthenticator(authenticator);
security.setLoginService(loginService);

// the security handler wraps the handler list directly
security.setHandler(handlers);
m_server.setHandler(security);
m_server.start();
```
Answer 0 (score: 0)

I found the solution. The trick is to use only the WebAppContext. It provides:

* a SessionHandler
* a ResourceHandler
* and it allows a SecurityHandler to be set

My code is now:
```java
import java.io.File;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.WebAppContext;

// Creating the server on port webPort
m_server = new Server(webPort);

// get the path for the authentication settings
// it should be in the same folder as the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile"));
File authConfigFile = new File(configFile.getParent(), "auth.properties");

// set the login service
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath());
ConstraintSecurityHandler security = new ConstraintSecurityHandler();

// no authentication for these items
{
    Constraint constraint = new Constraint();
    constraint.setAuthenticate(false);
    for (String pathSpec : new String[] {
            "/images/*",
            "/css/*",
            "/lib/*",
    })
    {
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec(pathSpec);
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);
    }
}

// must have authentication for the rest
{
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__FORM_AUTH);
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[] { "user", "admin" });
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec("/*");
    mapping.setConstraint(constraint);
    security.addConstraintMapping(mapping);
}
security.setLoginService(loginService);

// login page and error page used by the form authenticator
FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html?error=true", false);
security.setAuthenticator(authenticator);

// the JSP part
WebAppContext webAppContext = new WebAppContext();
//webAppContext.setContextPath("/");
webAppContext.setResourceBase("www");
webAppContext.setInitParameter("dirAllowed", "false");

// Including the JSTL jars for the webapp.
webAppContext.setAttribute("org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern", ".*/[^/]*jstl.*\\.jar$");

// Enabling the annotation-based configuration
org.eclipse.jetty.webapp.Configuration.ClassList classlist = org.eclipse.jetty.webapp.Configuration.ClassList.setServerDefault(m_server);
classlist.addAfter("org.eclipse.jetty.webapp.FragmentConfiguration", "org.eclipse.jetty.plus.webapp.EnvConfiguration", "org.eclipse.jetty.plus.webapp.PlusConfiguration");
classlist.addBefore("org.eclipse.jetty.webapp.JettyWebXmlConfiguration", "org.eclipse.jetty.annotations.AnnotationConfiguration");

webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals");
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues");
webAppContext.addServlet(new ServletHolder(new QuerySearchCSV()), "/queries/searchCSV");
webAppContext.addServlet(new ServletHolder(new QuerySearchWithPaging()), "/queries/searchWithPaging");
webAppContext.setWelcomeFiles(new String[] { "html/dashboard.html" });

// this will set authentication
webAppContext.setSecurityHandler(security);
// session timeout in seconds (24 hours)
webAppContext.getSessionHandler().setMaxInactiveInterval(24 * 60 * 60);

// what the server serves
m_server.setHandler(webAppContext);
m_server.start();
```
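
An added example, not code from the original post: the same fix reduced to its essential point, which is that a SessionHandler must sit in front of the security handler so that FormAuthenticator can find an HTTP session. It assumes the Jetty 9.4 API with javax.servlet; the class names `FormAuthWithSessions` and `Page`, the `/login` path, port 8080 and the in-memory user are constructed for the example, and `HashLoginService` stands in for the page's `JDBCLoginService`.

```java
import java.io.IOException;
import javax.servlet.http.*;
import org.eclipse.jetty.security.*;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.*;

public class FormAuthWithSessions {
    /** Serves one fixed HTML body; stands in for login.html and dashboard.html. */
    static class Page extends HttpServlet {
        private final String html;
        Page(String html) { this.html = html; }
        @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            resp.setContentType("text/html;charset=utf-8");
            resp.getWriter().print(html);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory user (assumption); the page uses JDBCLoginService.
        UserStore users = new UserStore();
        users.addUser("alice", Credential.getCredential("example-only"), new String[] { "user" });
        HashLoginService loginService = new HashLoginService("MyRealm");
        loginService.setUserStore(users);

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint(Constraint.__FORM_AUTH, "user");
        constraint.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);
        security.setLoginService(loginService);
        security.setAuthenticator(new FormAuthenticator("/login", "/login?error=true", false));

        // SESSIONS makes the context create a SessionHandler ahead of the security
        // handler; without it FormAuthenticator has no session to keep its state in.
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setSecurityHandler(security);
        context.getSessionHandler().getSessionCookieConfig().setHttpOnly(true); // hide cookie from scripts
        context.getSessionHandler().setMaxInactiveInterval(30 * 60);            // idle timeout, seconds
        // FormAuthenticator processes POSTs to j_security_check with these field names.
        context.addServlet(new ServletHolder(new Page("<form method='post' action='j_security_check'>"
            + "<input name='j_username'><input type='password' name='j_password'>"
            + "<button>Log in</button></form>")), "/login");
        context.addServlet(new ServletHolder(new Page("<h1>dashboard</h1>")), "/");

        Server server = new Server(8080);
        server.setHandler(context);
        server.start();
        server.join();
    }
}
```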