Glassfish7 软件门户的 SSO


**web.xml(Login.war)**

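<?xml version="1.0" encoding="UTF-8"?>
...

    <!-- Deployment descriptor of the Login web application (the header is elided in the post). -->
    <display-name>Login</display-name>

    <welcome-file-list>
        <welcome-file>login.xhtml</welcome-file>
    </welcome-file-list>

    <!--
      Container-managed FORM login against the realm named jdbcRealm.
      NOTE(review): this listing declares no <security-constraint>, so no URL of this
      application is protected by the container and nothing here causes the container
      to start the form login on its own. Confirm that this is intended.
    -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jdbcRealm</realm-name>
        <form-login-config>
            <!-- Both paths are relative to this application's context root. -->
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/login-error.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <!-- Roles the application refers to; they are only declared here, not bound to any URL. -->
    <security-role>
        <role-name>USER</role-name>
    </security-role>

    <security-role>
        <role-name>ADMIN</role-name>
    </security-role>

    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>jakarta.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <session-config>
        <!-- Idle timeout; the servlet descriptor counts this value in minutes. -->
        <session-timeout>30</session-timeout>
        <cookie-config>
            <!--
              NOTE(review): the other descriptor on this page uses the same cookie name
              with path "/", so a browser keeps a single JSESSIONID for both context
              roots. Confirm the two applications are meant to share that cookie.
            -->
            <name>JSESSIONID</name>
            <path>/</path>
            <!-- HttpOnly keeps the session cookie out of reach of page scripts. -->
            <http-only>true</http-only>
            <!--
              With secure=false the browser also sends the session cookie over plain HTTP,
              where it can be read in transit. The original line carried the stray text
              "verwenden" plus a comment terminator after the element (the tail of a
              comment whose opening was lost); the comment is restored here.
            -->
            <secure>false</secure> <!-- Change this to true when the application is served over HTTPS -->
        </cookie-config>
    </session-config>

    <context-param>
        <param-name>org.primefaces.extensions.DELIVER_UNCOMPRESSED_RESOURCES</param-name>
        <param-value>false</param-value>
    </context-param>

    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>nova-light</param-value>
    </context-param>
</web-app>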

**web.xml(Start.war)**

<?xml version="1.0" encoding="UTF-8"?>
...

    <!-- Deployment descriptor of the Start (navigation) web application; header elided in the post. -->
    <display-name>Startleiste</display-name>

    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>

    <!--
      Container-managed FORM login against the realm named jdbcRealm.
      NOTE(review): form-login-page and form-error-page are resolved relative to this
      application's own context root, so these paths do not address the separate Login
      application. Confirm that /login/login.xhtml exists inside this WAR.
    -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jdbcRealm</realm-name>
        <form-login-config>
            <form-login-page>/login/login.xhtml</form-login-page>
            <form-error-page>/login/login-error.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <!--
      Every URL of this application requires a caller that the container has
      authenticated and mapped to ADMIN or USER. An object stored in the HTTP session
      by application code does not satisfy this constraint.
      No <user-data-constraint> is declared, so the container does not require HTTPS
      for these URLs.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ADMIN</role-name>
            <role-name>USER</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>USER</role-name>
    </security-role>

    <security-role>
        <role-name>ADMIN</role-name>
    </security-role>

    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>jakarta.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <session-config>
        <session-timeout>30</session-timeout> <!-- Timeout in minutes -->
        <cookie-config>
            <!--
              NOTE(review): the Login descriptor on this page uses the same cookie name
              with path "/", so a browser keeps a single JSESSIONID for both context
              roots. Confirm the two applications are meant to share that cookie.
            -->
            <name>JSESSIONID</name>
            <path>/</path>
            <!-- HttpOnly keeps the session cookie out of reach of page scripts. -->
            <http-only>true</http-only>
            <!-- While this is false the browser also sends the session cookie over plain HTTP. -->
            <secure>false</secure> <!-- Change this to true when you use HTTPS -->
        </cookie-config>
    </session-config>

    <context-param>
        <param-name>org.primefaces.extensions.DELIVER_UNCOMPRESSED_RESOURCES</param-name>
        <param-value>false</param-value>
    </context-param>

    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>nova-light</param-value>
    </context-param>
</web-app>

LoginController.java(Login.war)

package login.web;

import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import jakarta.enterprise.context.RequestScoped;
import jakarta.faces.application.FacesMessage;
import jakarta.faces.context.FacesContext;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import login.util.LoginService;
import login.util.entities.User;

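/**
 * Request-scoped JSF backing bean behind the login form of the Login application.
 *
 * <p>Authentication is application-managed: {@link #login()} loads the user through
 * {@link LoginService}, compares password hashes itself and stores the {@link User} in the
 * HTTP session map. Nothing in this class calls the servlet container's login API, so this
 * code does not establish a container principal or roles for the caller.
 */
@RequestScoped
@Named
public class LoginController implements Serializable {

    private static final long serialVersionUID = -5346634778960677989L;

    // Placeholder host from the post. NOTE(review): the value carries no scheme; confirm the
    // real value is an absolute URL, preferably https, before using it as a redirect target.
    private static final String URL = "myServerURL:8080";

    @Inject
    private LoginService loginService;

    // Bound to the login form fields by JSF.
    private String username;
    private String password;

    /** @return the user name submitted with the login form */
    public String getUsername() {
        return username;
    }

    /** @param username the user name submitted with the login form */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the clear-text password submitted with the login form */
    public String getPassword() {
        return password;
    }

    /** @param password the clear-text password submitted with the login form */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Checks the submitted credentials against the stored password hash.
     *
     * <p>On success the {@link User} is stored in the session map under {@code "user"} and the
     * browser is redirected to {@code URL + "/Start"}. On failure a generic error message is
     * added to the Faces context, without saying which of the two fields was wrong.
     */
    public void login() {
        FacesContext context = FacesContext.getCurrentInstance();
        User user = loginService.findUserByUsername(username);

        // NOTE(review): SHA256Util is not shown on this page. If it is a bare, unsalted
        // SHA-256, stored passwords should move to a salted, deliberately slow password
        // hash (bcrypt, scrypt, Argon2 or PBKDF2).
        if (user != null && hashesMatch(user.getPassword(), SHA256Util.hashPassword(password))) {
            // NOTE(review): the session that existed before login keeps its id here. Rotating
            // the id on a successful login (HttpServletRequest.changeSessionId() in the
            // Servlet API) counters session fixation.
            context.getExternalContext().getSessionMap().put("user", user);
            try {
                System.out.println("Login successful, redirecting to start page.");
                context.getExternalContext().redirect(URL + "/Start");
            } catch (IOException e) {
                System.out.println("Redirect failed: " + e.getMessage());
                e.printStackTrace();
            }
        } else {
            System.out.println("Invalid username or password.");
            context.addMessage(null,
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid username or password", null));
        }
    }

    /** Invalidates the current HTTP session and redirects to {@code login.xhtml}. */
    public void logout() {
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        try {
            FacesContext.getCurrentInstance().getExternalContext().redirect("login.xhtml");
        } catch (IOException e) {
            System.out.println("Logout redirect failed: " + e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Compares two password hashes without an early exit on the first differing character.
     *
     * @param storedHash the hash stored for the user, may be {@code null}
     * @param candidateHash the hash of the submitted password, may be {@code null}
     * @return {@code true} only when both values are present and equal; a missing hash is
     *     treated as a failed login rather than raising a {@code NullPointerException}
     */
    private static boolean hashesMatch(String storedHash, String candidateHash) {
        if (storedHash == null || candidateHash == null) {
            return false;
        }
        // MessageDigest.isEqual is the JDK's time-constant comparison for digests;
        // String.equals returns at the first mismatch.
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                candidateHash.getBytes(StandardCharsets.UTF_8));
    }
}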

RedirektBean.java(Start.war)

package startleiste.glassfish;

import java.io.IOException;
import java.security.Principal;

import jakarta.enterprise.context.RequestScoped;
import jakarta.faces.context.ExternalContext;
import jakarta.faces.context.FacesContext;
import jakarta.inject.Named;

/**
 * Request-scoped JSF bean of the Start application that sends callers without a container
 * identity to the login application.
 */
@Named
@RequestScoped
public class LoginRedirectBean {

    /**
     * Redirects to {@code myServerURL/Login} when the request has no user principal.
     *
     * <p>{@code getUserPrincipal()} is set by container-managed authentication only. A login
     * that merely places an object in the session map leaves it {@code null}, so such a
     * caller is redirected on every request.
     */
    public void redirectToLogin() {
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        Principal caller = ec.getUserPrincipal();

        // The container already knows this caller: nothing to do.
        if (caller != null) {
            return;
        }

        System.out.println("User ist nicht authentifiziert, Umleitung zur Login-Seite");
        try {
            ec.redirect("myServerURL/Login");
        } catch (IOException ex) {
            // A failed redirect is only reported; the request continues unchanged.
            ex.printStackTrace();
        }
    }
}


大家好。我在为 Glassfish7 应用程序服务器配置 SSO 时遇到了很大的问题。我想开发一个软件门户,使用 JSF、primefaces 和 Glassfish7 作为应用程序服务器。

计划是配置一个中央登录页面 - >登录后用户进入导航页面。如果您之前没有登录就访问导航页面,应用程序会将您重定向到登录页面。

我把这两部分分别放在不同的 WAR 中:Login.war 和 Start.war。

如果我成功登录,应用程序会立即把我重定向到 Login.war。这是为什么?

java single-sign-on glassfish
1个回答

您确定您的登录应用程序是通过领域(realm)来验证用户身份的吗?我在登录方法中只看到:

context.getExternalContext().getSessionMap().put("user", user);

您的代码根本没有使用 jdbcRealm,而是直接访问数据库。GlassFish 无从得知用户是否已通过身份验证,因此也无法把这一信息传递给另一个应用程序来实现 SSO。不幸的是,互联网上的大多数示例似乎都与您的代码类似,但这种做法只适用于单个应用程序,并且前提是您有一个自定义 servlet 过滤器,在用户未经身份验证时阻止其访问受保护的页面。换句话说,整个安全机制完全是自定义的,不依赖服务器,服务器对此也一无所知。

这里有一个教程,介绍如何执行您想要的操作,以便您的应用程序使用 JDBC 领域进行身份验证:https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html

您应该在您的login()方法中调用以下内容:

// Fragment meant for the body of login(): it hands the credential check to the container.
// NOTE(review): the return statement below yields a navigation outcome, so the enclosing
// method has to return String; the login() shown in the question is declared void.
FacesContext context = FacesContext.getCurrentInstance();
        // The Faces external context wraps the servlet request; the cast exposes the Servlet API.
        HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();

        try {
            // Programmatic container login: the credentials are validated by the realm
            // configured for this web application, and on success the container itself
            // records the caller identity for the request.
            request.login(username, password);
            // Redirect to the home page or a secured page
            return "welcome?faces-redirect=true";
        } catch (ServletException e) {
            // Authentication failed
            // login() also throws ServletException when a caller identity was already
            // established or the configured login mechanism does not support
            // user name and password validation.
            // (The rest of this handler is cut off on the page.)