Realm 是什么,干嘛的。我这里就不说了
讲讲怎样配置Realm
<!--
  Tomcat JDBCRealm: looks up users and their roles in database tables through
  one JDBC connection opened with the account configured below.
  NOTE(review): connectionName / connectionPassword are stored here in clear
  text. Restrict read access on the file holding this element to the Tomcat
  service account, and give the database account read-only access to the two
  tables named below.
  NOTE(review): no digest or CredentialHandler is configured, so the value in
  userCredCol is compared as a clear-text password. Store hashed credentials
  and configure the matching handler for the Tomcat version in use.
  NOTE(review): JDBCRealm is deprecated in Tomcat 9, where DataSourceRealm is
  the documented replacement. Confirm against the target version.
  NOTE(review): debug="99" looks like a maximum-verbosity setting left over
  from testing. Confirm that the target Tomcat still honours it, and keep
  verbose realm logging out of production.
-->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       debug="99"
       driverName="oracle.jdbc.driver.OracleDriver"
       connectionURL="jdbc:oracle:thin:@192.168.9.172:1521:yfzx"
       connectionName="bi"
       connectionPassword="bi"
       userTable="users"
       userNameCol="user_name"
       userCredCol="passwd"
       userRoleTable="user_roles"
       roleNameCol="role_name"/>
className Realm 的实现类,认证请求交给这个 class 处理
driverName 驱动名
connectionURL 数据库URL
connectionName 账户
connectionPassword 数据库密码
userTable 用户表名
userNameCol 用户表中存放用户名的列
userCredCol 用户表中存放密码(凭证)的列
userRoleTable 角色表,这个一般和用户表相关联(表中必须同时包含 userNameCol 和 roleNameCol 指定的两列)
roleNameCol 角色表中存放角色名的列
Tomcat 最终通过查询出rolename来决定你的访问权限。
在/WEB-INF/web.xml里面配置
<!--
  Only callers holding the "openi" role may request the URL patterns below.
  No <http-method> element is listed, so the constraint covers every method.
  NOTE(review): there is no <user-data-constraint>, so nothing in this block
  forces HTTPS. With FORM login the password then travels in clear text unless
  TLS is enforced somewhere else.
  NOTE(review): most patterns are extension based. A resource whose URL matches
  none of them is not covered by this constraint. Check the servlet mappings.
-->
<security-constraint>
  <display-name>OpenI Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.html</url-pattern>
    <url-pattern>*.htm</url-pattern>
    <url-pattern>*.iface</url-pattern>
    <url-pattern>*.faces</url-pattern>
    <url-pattern>*.jspx</url-pattern>
    <url-pattern>*.xml</url-pattern>
    <url-pattern>/rss</url-pattern>
    <url-pattern>/StreamChart</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>openi</role-name>
  </auth-constraint>
</security-constraint>
以上是指定 role_name为openi的用户可以访问 web-resource-collection 标签里面的所有 url-pattern
然后配置登录页面和登录失败时的页面
<!--
  FORM authentication. form-login-page is the login form and form-error-page is
  shown when the login fails. Both point at login.jsp here, and the
  "login_failed" query string marks the failure case.
  NOTE(review): login.jsp is not shown on this page. Check that its failure
  message does not reveal whether the user name or the password was wrong.
-->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>OpenI 2.0</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp?login_failed</form-error-page>
  </form-login-config>
</login-config>
差不多就这样,但是实际中远远不止这么些
如:我们一般再增加一个自己的Filter来获得认证后的用户具体信息
<!--
  Declares the application's own filter, which runs after container login.
  NOTE(review): the AuthorizationFilter source shown on this page never reads
  the project_list_page init parameter and redirects to the hard-coded
  "project_list.iface", so the value below looks unused. Confirm.
-->
<filter>
  <filter-name>AuthorizationFilter</filter-name>
  <filter-class>org.openi.security.AuthorizationFilter</filter-class>
  <init-param>
    <param-name>project_list_page</param-name>
    <param-value>projectlist.htm</param-value>
  </init-param>
</filter>
上面是自定义的Filter
<!-- Second filter declaration, followed by the URL mappings for all filters. -->
<filter>
  <filter-name>WcfJspFilter</filter-name>
  <filter-class>org.openi.web.RequestFilter</filter-class>
</filter>

<!--
  AuthorizationFilter runs for the five extension patterns mapped below.
  NOTE(review): *.html, *.xml, /rss and /StreamChart are protected by the
  security-constraint shown on this page but are not mapped to
  AuthorizationFilter, so requests to them skip the filter. Confirm this is
  intended.
-->
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.iface</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.htm</url-pattern>
</filter-mapping>

<!--
  NOTE(review): the <filter> declaration for LogoutFilter is not part of this
  excerpt. It has to exist elsewhere in web.xml for this mapping to be valid.
-->
<filter-mapping>
  <filter-name>LogoutFilter</filter-name>
  <url-pattern>/killsession</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>WcfJspFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
</filter-mapping>
对相关的 URL 访问进行过滤,登录成功之后转向主页面时会经过这个 Filter
package org.openi.security;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.openi.application.Application;
import org.openi.project.ProjectContext;
import org.openi.users.User;
import org.openi.users.UserService;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
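/**
 * Servlet filter that copies the container-authenticated principal into the application's
 * {@code ProjectContext} and steers the user to project setup or the project list when no
 * project is selected.
 *
 * <p>Identity and roles are taken only from {@code getUserPrincipal()} and
 * {@code isUserInRole()}, i.e. from whatever the container's login mechanism established.
 * No request parameter is consulted.
 */
public class AuthorizationFilter implements Filter {
    /** Role checked first; the admin role below is only evaluated for holders of this role. */
    public static final String OPENI_ROLE_NAME = "openi";

    /** Role that, together with {@link #OPENI_ROLE_NAME}, triggers the admin configuration. */
    public static final String APP_ADMIN_ROLE_NAME = "app_admin";

    private static final Logger logger = Logger.getLogger(AuthorizationFilter.class);

    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration. It is used only to reach the {@code ServletContext};
     * no init parameters are read by this class.
     *
     * @param filterConfig configuration supplied by the container
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    /**
     * Populates the {@code ProjectContext} for an authenticated request, then either
     * forwards/redirects to a project page or continues the filter chain.
     *
     * @param request  incoming request; must be an {@code HttpServletRequest}
     * @param response outgoing response; must be an {@code HttpServletResponse} when a
     *                 redirect is issued
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the filter chain
     * @throws ServletException if the Spring context is missing, or if the forward or
     *                          redirect to a project page fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        ApplicationContext appContext =
                WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
        if (appContext == null) {
            // getWebApplicationContext returns null when no root context is registered;
            // fail with a clear message instead of a NullPointerException further down.
            throw new ServletException("Spring WebApplicationContext is not available");
        }
        ProjectContext projectContext = (ProjectContext) appContext.getBean("projectContext");
        HttpServletRequest servletRequest = (HttpServletRequest) request;

        // GlassFish invokes request filters before login, so the principal can still be null.
        if (projectContext.getUser() == null && servletRequest.getUserPrincipal() != null) {
            String userName = servletRequest.getUserPrincipal().getName();
            User user = null;
            try {
                UserService userService = (UserService) appContext.getBean("userService");
                if (userService != null) {
                    user = userService.getUserById(userName);
                }
            } catch (Exception e) {
                // Profile lookup stays best-effort (a default User is used below), but the
                // failure is logged so that a broken user store does not go unnoticed.
                logger.warn("could not load profile for user '" + userName
                        + "'; continuing with defaults", e);
            }
            if (user == null) {
                user = new User();
            }
            if (user.getLanguage() == null || "".equals(user.getLanguage())) {
                // Fall back to the language of the request locale.
                user.setLanguage(servletRequest.getLocale().getLanguage());
            }
            user.setName(userName);
            projectContext.setUser(user);

            // Only the application-admin role is mapped here; the original author left
            // project-level role mapping disabled.
            // NOTE(review): the meaning of the three flags is defined by ProjectContext,
            // which is not shown here - confirm before changing them.
            if (servletRequest.isUserInRole(OPENI_ROLE_NAME)
                    && servletRequest.isUserInRole(APP_ADMIN_ROLE_NAME)) {
                projectContext.configureRoles(true, false, false);
            }
        }

        if (projectContext.getProject() == null && servletRequest.getUserPrincipal() != null) {
            try {
                if (!Application.isLoaded()) {
                    // NOTE(review): this forward is not gated on APP_ADMIN_ROLE_NAME;
                    // confirm the target page enforces its own authorization check.
                    servletRequest.getRequestDispatcher("/WEB-INF/pages/create_project.iface")
                            .forward(request, response);
                    return;
                }
                logger.warn("project content directory is missing");
                String requestUri = servletRequest.getRequestURI();
                // These two pages must stay reachable without a project, otherwise the
                // redirect below would loop.
                if (!requestUri.endsWith("project_list.iface")
                        && !requestUri.endsWith("blank.iface")) {
                    ((HttpServletResponse) response).sendRedirect("project_list.iface");
                    return;
                }
            } catch (Exception e) {
                throw new ServletException("could not forward request", e);
            }
        }

        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    public void destroy() {
    }
}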
通过上面这个类就可以获得用户的具体信息,从而得到细粒度的控制。
完毕。高手不吝赐教!