应用程序的SSO登录方式有多种,下面介绍其中一种:表单验证(FORM认证).
1.登录表单如下
密 码:
2.表单的action是j_security_check,它是容器提供的表单认证入口;这里在该URL上映射了一个过滤器(LoginFilter)
映射关系在web.xml里有所体现
http://java.sun.com/dtd/web-app_2_3.dtd">
FormLogin
J2EE Form Login Web Application
LoginFilter
LoginFilter
com.mdcl.pms.sso.filter.LoginFilter
LoginFilter
/j_security_check
/index.jsp
FORM
/login.jsp
/loginError.jsp
All Authenticated User Role
All Role
3.映射到j_security_check的过滤器LoginFilter的代码
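/**
 * Servlet filter that wraps the container's form-login processing; the web.xml shown on this page
 * maps it to {@code /j_security_check}.
 *
 * <p>Before the chain runs it copies the {@code uid} and {@code j_password} request parameters
 * into the HTTP session as {@code USER_ID} and {@code PASSWORD}. After the chain returns it stores
 * a formatted timestamp as {@code LOGINTIME}.
 *
 * <p>NOTE(review): all three attributes are written without this filter knowing whether
 * authentication succeeded, so their presence in the session is not evidence of a successful
 * login. Code that needs the authenticated identity should rely on the container
 * ({@code HttpServletRequest.getRemoteUser()} / {@code getUserPrincipal()}) on later requests.
 */
public class LoginFilter implements Filter {

    /** Configuration handed over by the container in {@code init}; cleared in {@code destroy}. */
    private FilterConfig filterConfig;

    /**
     * Drops the reference to the filter configuration.
     *
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Records login-related values in the session around the rest of the filter chain.
     *
     * @param req the incoming request; cast to {@code HttpServletRequest}
     * @param resp the response passed on to the chain
     * @param chain the remaining filter chain
     * @throws ServletException if the chain throws it
     * @throws IOException if the chain throws it
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     *     javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest hreq = (HttpServletRequest) req;

        // pre login action
        javax.servlet.http.HttpSession preLoginSession = hreq.getSession();

        // NOTE(review): USER_ID comes from the client-supplied "uid" parameter, not from
        // "j_username" (an earlier, commented-out version used j_username). Nothing in this filter
        // ties "uid" to the account being authenticated, so a client can submit any value here.
        // Treat USER_ID as untrusted unless it is checked against the authenticated principal.
        preLoginSession.setAttribute("USER_ID", hreq.getParameter("uid"));

        // NOTE(review): this keeps the cleartext password in the session for the session's whole
        // lifetime, where any code with session access can read it and where it follows the
        // session wherever the container stores or copies it (depends on configuration, not
        // visible here). Kept because a consumer outside this page may read it -- confirm, and
        // remove the attribute if nothing needs it.
        preLoginSession.setAttribute("PASSWORD", hreq.getParameter("j_password"));

        chain.doFilter(req, resp);

        // post login action
        // The chain may already have committed the response (e.g. a redirect) and the session may
        // have been invalidated meanwhile. getSession() throws IllegalStateException when it has
        // to create a session on a committed response, so only create one while that is possible.
        javax.servlet.http.HttpSession postLoginSession =
                resp.isCommitted() ? hreq.getSession(false) : hreq.getSession();
        if (postLoginSession == null) {
            return;
        }

        // log the time stamp for login, formatted for the request's locale
        DateFormat df =
                DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.FULL, req.getLocale());
        postLoginSession.setAttribute("LOGINTIME", df.format(new Date()));
    }

    /**
     * Stores the filter configuration supplied by the container.
     *
     * @param config the filter configuration
     * @throws javax.servlet.ServletException declared by the interface; not thrown here
     */
    public void init(FilterConfig config) throws ServletException {
        this.filterConfig = config;
    }
}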
4.退出处理
退出时需要调用WebSphere提供的退出操作(ibm_security_logout),例如:
ibm_security_logout?logoutExitPage=login.jsp