Java开发网 Java开发网
注册 | 登录 | 帮助 | 搜索 | 排行榜 | 发帖统计  

您没有登录

» Java开发网 » Java Security » 精华区  

按打印兼容模式打印这个话题 打印话题    把这个话题寄给朋友 寄给朋友    该主题的所有更新都将Email到你的邮箱 订阅主题
flat modethreaded modego to previous topicgo to next topicgo to back
话题被移动
该话题已被移动 - menzy , 2004-05-09 08:23
如果您尚不清楚该话题被移动的原因,请参考论坛规则以及本版公告或者联系本版版主。
作者 Re:关于J2EE登录方式的问题,高手请进 [Re:wuliang]
east





发贴: 9
积分: 0
于 2004-06-26 03:10 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
<<<
但是我现在用:
<form method="POST" action="login.cgi">
<input type="text" name="name">
<input type="password" name="password">
</form>

我的login怎么能通知“容器”我已经登录了?也就是HttpServletRequest.getUserPrincipal.getName要返回我的登录名
我的感觉就是自己的login,没法和容器挂钩,getUserPrincipal只承认basic,form,mutual登录……不是绝对确定
>>>

Your proposed solution seems not correct. I don't like to spend time on analyzing your solution. But I would show you a working solution. Frankly I am not quire familiar with any other J2EE Application Server (AS) except Weblogic.
Now let me take WLS 6.1 as an example then you may follow my process to do on other platforms (servers).
In your case, you'd better use so called "Custom Realm". WLS provides its user interfaces (abstract classes may be more appropriate). So what you need to do is to extend them. Sounds simple? Maybe not really.
Specifically, you need to design three classes, e.g., MyUser extends User, MyGroup extends FlatGroup, and MyRealm extends AbstractListableRealm and implements RefreshableRealm, DebuggableRealm (if you want to debug your realm implementation in runtime env).

User and Group are very straightfoward. Only in realm, there are some tricks. In MyRealm default constructor, you may initialize resources for later uses. The key point is the method of authenticate(String userName, String passWord) with a return boolean value. Now you can put your real authentication stuff here. e.g. pass in the userName/passWord into a CGI script or something by using URL (java class). Then you can determine that boolean value based on the returned result or the value you parse from the returned message.

The authenticated user is then loaded into MyUser. Next, you have to define getUser(), getUsers(), getGroup(), getGroups(), and etc. Nothing is diffcult here because all these methods are required in super classes.

Finally, you need to use admin console to configure your custom realm. That's easy to do.

The remianing tasks, regarding web.xml, shoudn't be hard. You can put url pattern to protect your resources in the tag of <web-resource-collection>, put your list of roles in the tag of <auth-constraint>, each role name should be defined in <security-role>, and etc.

After users log in the system, getRemoteUser(), getPrincipal(), isInRole(), and etc should work for you.

I know my response might be late for you. But maybe it helps to someone else.



话题树型展开
人气 标题 作者 字数 发贴时间
28172 [精华] 关于J2EE登录方式的问题,高手请进 wuliang 346 2004-04-27 14:41
24206 Re:关于J2EE登录方式的问题,高手请进 wuliang 301 2004-04-27 14:44
23888 Re:关于J2EE登录方式的问题,高手请进 floater 204 2004-05-10 10:33
25197 Re:关于J2EE登录方式的问题,高手请进 east 2406 2004-06-26 03:10
24200 Re:关于J2EE登录方式的问题,高手请进 wuliang 646 2004-04-27 14:48
24046 Re:关于J2EE登录方式的问题,高手请进 wuliang 126 2004-04-27 14:51
24007 Re:关于J2EE登录方式的问题,高手请进 wuliang 165 2004-04-27 17:37
24534 Re:关于J2EE登录方式的问题,高手请进 mfc42d 13 2004-04-29 16:53
23925 Re:关于J2EE登录方式的问题,高手请进 floater 35 2004-04-29 21:31
24037 Re:关于J2EE登录方式的问题,高手请进 wuliang 242 2004-04-30 09:43
23854 Re:关于J2EE登录方式的问题,高手请进 floater 55 2004-05-04 23:12
24181 Re:关于J2EE登录方式的问题,高手请进 wuliang 481 2004-05-08 08:40

flat modethreaded modego to previous topicgo to next topicgo to back
  已读帖子
  新的帖子
  被删除的帖子
Jump to the top of page

   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923