📄 formauthenticator.java
字号:
String contextPath = hreq.getContextPath();
String requestURI = request.getDecodedRequestURI();
response.setContext(request.getContext());
// Is this the action request from the login page?
boolean loginAction =
requestURI.startsWith(contextPath) &&
requestURI.endsWith(Constants.FORM_ACTION);
// No -- Save this request and redirect to the form login page
if (!loginAction) {
session = getSession(request, true);
if (log.isDebugEnabled())
log.debug("Save request in session '" + session.getId() + "'");
saveRequest(request, session);
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getLoginPage());
try {
disp.forward(hreq, hres);
response.finishResponse();
} catch (Throwable t) {
log.warn("Unexpected error forwarding to login page", t);
}
return (false);
}
// Yes -- Validate the specified credentials and redirect
// to the error page if they are not correct
Realm realm = context.getRealm();
String username = hreq.getParameter(Constants.FORM_USERNAME);
String password = hreq.getParameter(Constants.FORM_PASSWORD);
if (log.isDebugEnabled())
log.debug("Authenticating username '" + username + "'");
principal = realm.authenticate(username, password);
if (principal == null) {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getErrorPage());
try {
disp.forward(hreq, hres);
} catch (Throwable t) {
log.warn("Unexpected error forwarding to error page", t);
}
return (false);
}
// Save the authenticated Principal in our session
if (log.isDebugEnabled())
log.debug("Authentication of '" + username + "' was successful");
if (session == null)
session = getSession(request, true);
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
// If we are not caching, save the username and password as well
if (!cache) {
session.setNote(Constants.SESS_USERNAME_NOTE, username);
session.setNote(Constants.SESS_PASSWORD_NOTE, password);
}
// Redirect the user to the original request URI (which will cause
// the original request to be restored)
requestURI = savedRequestURL(session);
if (log.isDebugEnabled())
log.debug("Redirecting to original '" + requestURI + "'");
if (requestURI == null)
hres.sendError(HttpServletResponse.SC_BAD_REQUEST,
sm.getString("authenticator.formlogin"));
else
hres.sendRedirect(hres.encodeRedirectURL(requestURI));
return (false);
}
// ------------------------------------------------------ Protected Methods
/**
* Does this request match the saved one (so that it must be the redirect
* we signalled after successful authentication?
*
* @param request The request to be verified
*/
protected boolean matchRequest(HttpRequest request) {
// Has a session been created?
Session session = getSession(request, false);
if (session == null)
return (false);
// Is there a saved request?
SavedRequest sreq = (SavedRequest)
session.getNote(Constants.FORM_REQUEST_NOTE);
if (sreq == null)
return (false);
// Is there a saved principal?
if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
return (false);
// Does the request URI match?
HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
String requestURI = hreq.getRequestURI();
if (requestURI == null)
return (false);
return (requestURI.equals(sreq.getRequestURI()));
}
/**
* Restore the original request from information stored in our session.
* If the original request is no longer present (because the session
* timed out), return <code>false</code>; otherwise, return
* <code>true</code>.
*
* @param request The request to be restored
* @param session The session containing the saved information
*/
protected boolean restoreRequest(HttpRequest request, Session session) {
// Retrieve and remove the SavedRequest object from our session
SavedRequest saved = (SavedRequest)
session.getNote(Constants.FORM_REQUEST_NOTE);
session.removeNote(Constants.FORM_REQUEST_NOTE);
session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
if (saved == null)
return (false);
// Modify our current request to reflect the original one
request.clearCookies();
Iterator cookies = saved.getCookies();
while (cookies.hasNext()) {
request.addCookie((Cookie) cookies.next());
}
request.clearHeaders();
Iterator names = saved.getHeaderNames();
while (names.hasNext()) {
String name = (String) names.next();
Iterator values = saved.getHeaderValues(name);
while (values.hasNext()) {
request.addHeader(name, (String) values.next());
}
}
request.clearLocales();
Iterator locales = saved.getLocales();
while (locales.hasNext()) {
request.addLocale((Locale) locales.next());
}
request.clearParameters();
if ("POST".equalsIgnoreCase(saved.getMethod())) {
Iterator paramNames = saved.getParameterNames();
while (paramNames.hasNext()) {
String paramName = (String) paramNames.next();
String paramValues[] =
saved.getParameterValues(paramName);
request.addParameter(paramName, paramValues);
}
}
request.setMethod(saved.getMethod());
request.setQueryString(saved.getQueryString());
request.setRequestURI(saved.getRequestURI());
return (true);
}
/**
* Save the original request information into our session.
*
* @param request The request to be saved
* @param session The session to contain the saved information
*/
private void saveRequest(HttpRequest request, Session session) {
// Create and populate a SavedRequest object for this request
HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
SavedRequest saved = new SavedRequest();
Cookie cookies[] = hreq.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++)
saved.addCookie(cookies[i]);
}
Enumeration names = hreq.getHeaderNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
Enumeration values = hreq.getHeaders(name);
while (values.hasMoreElements()) {
String value = (String) values.nextElement();
saved.addHeader(name, value);
}
}
Enumeration locales = hreq.getLocales();
while (locales.hasMoreElements()) {
Locale locale = (Locale) locales.nextElement();
saved.addLocale(locale);
}
Map parameters = hreq.getParameterMap();
Iterator paramNames = parameters.keySet().iterator();
while (paramNames.hasNext()) {
String paramName = (String) paramNames.next();
String paramValues[] = (String[]) parameters.get(paramName);
saved.addParameter(paramName, paramValues);
}
saved.setMethod(hreq.getMethod());
saved.setQueryString(hreq.getQueryString());
saved.setRequestURI(hreq.getRequestURI());
// Stash the SavedRequest in our session for later use
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
}
/**
* Return the request URI (with the corresponding query string, if any)
* from the saved request so that we can redirect to it.
*
* @param session Our current session
*/
private String savedRequestURL(Session session) {
SavedRequest saved =
(SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
if (saved == null)
return (null);
StringBuffer sb = new StringBuffer(saved.getRequestURI());
if (saved.getQueryString() != null) {
sb.append('?');
sb.append(saved.getQueryString());
}
return (sb.toString());
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -