east
Posts: 9
Points: 0
Posted 2004-06-26 03:10
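<<< But what I am using now is: <form method="POST" action="login.cgi"> <input type="text" name="name"> <input type="password" name="password"> </form>
How can my login notify the "container" that I have logged in? That is, HttpServletRequest.getUserPrincipal.getName should return my login name. My feeling is that my own login cannot be hooked into the container, and getUserPrincipal only recognizes basic, form, and mutual login... I am not absolutely sure. >>>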
Your proposed solution does not seem correct. I don't like to spend time on analyzing your solution. But I would show you a working solution. Frankly, I am not quite familiar with any other J2EE Application Server (AS) except WebLogic. Now let me take WLS 6.1 as an example; then you may follow my process on other platforms (servers). In your case, you'd better use a so-called "Custom Realm". WLS provides its user interfaces (abstract classes may be more appropriate). So what you need to do is to extend them. Sounds simple? Maybe not really. Specifically, you need to design three classes, e.g., MyUser extends User, MyGroup extends FlatGroup, and MyRealm extends AbstractListableRealm and implements RefreshableRealm, DebuggableRealm (if you want to debug your realm implementation in runtime env).
User and Group are very straightforward. Only in the realm are there some tricks. In the MyRealm default constructor, you may initialize resources for later use. The key point is the method authenticate(String userName, String passWord), which returns a boolean value. Now you can put your real authentication stuff here, e.g. pass the userName/passWord into a CGI script or something by using URL (the Java class). Then you can determine that boolean value based on the returned result or the value you parse from the returned message.
The authenticated user is then loaded into MyUser. Next, you have to define getUser(), getUsers(), getGroup(), getGroups(), etc. Nothing is difficult here because all these methods are required in the super classes.
Finally, you need to use admin console to configure your custom realm. That's easy to do.
The remaining tasks, regarding web.xml, shouldn't be hard. You can put the URL pattern to protect your resources in the <web-resource-collection> tag, put your list of roles in the <auth-constraint> tag, define each role name in <security-role>, etc.
After users log in to the system, getRemoteUser(), getPrincipal(), isInRole(), etc. should work for you.
I know my response might be late for you. But maybe it helps someone else.
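The web.xml wiring described in the post above, as an added example that is not part of the original post. It uses the Servlet 2.3 deployment descriptor; the URL pattern, role name, realm name and login page paths are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <!-- Assumed path: everything under /secure/ requires a login. -->
      <url-pattern>/secure/*</url-pattern>
      <!-- No <http-method> elements on purpose: the constraint then
           applies to every HTTP method. Listing only GET and POST
           would leave the other methods unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role; it must also be declared in <security-role>. -->
      <role-name>member</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require an encrypted transport for the protected pages. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <!-- FORM is one of the container-managed login methods. The login
         page posts the fields j_username and j_password to the action
         j_security_check, and the container passes the credentials to
         the configured realm. A form posting to an application URL
         such as login.cgi never reaches the container, so
         getUserPrincipal() stays null. -->
    <auth-method>FORM</auth-method>
    <realm-name>MyRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>

</web-app>
```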