通过 GWT 按钮使用 Jetty 进行身份验证
我正在尝试使用 SmartGWT 创建登录页面,并且一直在尝试让表单身份验证与嵌入了 Eclipse 的 GWT 插件的 Jetty 服务器一起使用。我有一个使用 TextItems 获取用户名和密码的页面,然后一旦按下登录按钮,我就需要进行身份验证。
我已经设置了 jetty-web.xml 文件来创建一个自定义领域,该领域目前不执行任何操作,只是告诉我它的方法正在被调用,这样我就知道它正在工作,因为一旦我进入那里,我就很高兴当然我能弄清楚剩下的事情。
jetty-web.xml
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
<Get name="SecurityHandler">
<Call name="setUserRealm">
<Arg>
<New class="custom.realm.CustomRealm">
<Set name="name">CustomRealm</Set>
</New>
</Arg>
</Call>
<Call name="setAuthenticator">
<Arg>
<New class="org.mortbay.jetty.security.FormAuthenticator">
<Set name="loginPage">/login.html</Set>
<Set name="errorPage">/login.html</Set>
</New>
</Arg>
</Call>
</Get>
</Configure>
[编辑 05/18 1:16pm]
我的 CustomRealm 扩展了 Jetty 的 HashUserRealm,不知道这是否会导致问题,btu 想我也会提到它。
我还在我的 web.xml 文件
web.xml 片段
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- <auth-constraint>
<role-name>*</role-name>
</auth-constraint> -->
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>CustomRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login.html</form-login-page>
</form-login-config>
</login-config>
中设置了安全约束,老实说,我对做这类事情还很陌生。我不确定我是否需要约束。被注释掉了,因为当我取消注释时,页面根本不会加载。
根据我所读到的内容,我认为使用 Jetty 的安全约束应该会弹出一个浏览器登录对话框。这不是我想要发生的事情,而且实际上也不想发生。所以我不确定我在那里做错了什么。
我还在 GWT 中找到了 RequestBuilder 类,但这似乎没有做任何我想要的事情。我需要登录按钮以某种方式调用自定义领域中的身份验证方法。我想知道是否有办法做到这一点?或者至少指向正确的方向,因为我一直在寻找但没有发现任何东西。
提前致谢。
[编辑 05/18 上午 8:56] 在彼得的建议之后添加我的 RequestBuilder 现在的设置方式
RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, "login.html");
StringBuilder postData = new StringBuilder();
postData.append(URL.encode("j_username")).append("=").append(URL.encode(getUsername()));
postData.append("&");
postData.append(URL.encode("j_password")).append("=").append(URL.encode(getPassword()));
rb.setRequestData(postData.toString());
rb.setHeader("Content-type", "application/x-www-form-urlencoded");
rb.setCallback(new RequestCallback() {
@Override
public void onResponseReceived(Request request, Response response)
{
if (response.getStatusCode() != Response.SC_OK)
{
onError(request, new RequestException(response.getStatusText() + ":\n" + response.getText()));
return;
}
if (response.getText().contains("Access Denied"))
{
Window.alert("Incorrect username or password entered. Please try again.");
}
else
{
System.out.println("IT WORKED!!!");
}
}
@Override
public void onError(Request request, Throwable exception)
{
Window.alert(exception.getMessage());
}
});
try
{
rb.send();
}
catch (RequestException e)
{
SC.say(e.getMessage());
}
[重新更新] 如果 auth-constraint 未注释,则永远不会调用 onModuleLoad 方法。有人知道为什么会这样做吗?
I'm trying to create a login page using SmartGWT and have been trying to get Form Authentication to work with the Jetty server embedded with the GWT plug-in for Eclipse. I have a page that takes a username and password using TextItems, then once the login button is pressed I need the authentication to take place.
I've set up my jetty-web.xml file to create a custom realm, which currently doesn't do anything but tell me it's methods are being called, just so I know it's working, as once I get in there, I pretty sure I can figure the rest out.
jetty-web.xml
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
<Get name="SecurityHandler">
<Call name="setUserRealm">
<Arg>
<New class="custom.realm.CustomRealm">
<Set name="name">CustomRealm</Set>
</New>
</Arg>
</Call>
<Call name="setAuthenticator">
<Arg>
<New class="org.mortbay.jetty.security.FormAuthenticator">
<Set name="loginPage">/login.html</Set>
<Set name="errorPage">/login.html</Set>
</New>
</Arg>
</Call>
</Get>
</Configure>
[edit 05/18 1:16pm]
My CustomRealm extends Jetty's HashUserRealm, dunno if that may cause issues, btu figured I'd mention it as well.
I've also set up a security constraint in my web.xml file
web.xml snippet
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- <auth-constraint>
<role-name>*</role-name>
</auth-constraint> -->
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>CustomRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login.html</form-login-page>
</form-login-config>
</login-config>
I'm fairly new to doing this type of stuff, tbh. I'm not sure I need the constraint. The is commented out because when I had it uncommented the page wouldn't load, at all.
From what I've read, I gather that using the security constraint with Jetty should pop-up a browser login dialog. That's not what I want to have happen, and it actually doesn't anyways. So I'm unsure of what I'm doing wrong there.
I also found the RequestBuilder class in GWT, but that doesn't seem to be doing anything I want it to. I need the login button to somehow call the authenticate method in my custom realm. I'm wondering if there is a way to do this? Or at least be pointed in the right direction, cause I've been looking and haven't found anything.
thanks in advance.
[edit 05/18 8:56am]
adding how my RequestBuilder is set up now after Peter's suggestion
RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, "login.html");
StringBuilder postData = new StringBuilder();
postData.append(URL.encode("j_username")).append("=").append(URL.encode(getUsername()));
postData.append("&");
postData.append(URL.encode("j_password")).append("=").append(URL.encode(getPassword()));
rb.setRequestData(postData.toString());
rb.setHeader("Content-type", "application/x-www-form-urlencoded");
rb.setCallback(new RequestCallback() {
@Override
public void onResponseReceived(Request request, Response response)
{
if (response.getStatusCode() != Response.SC_OK)
{
onError(request, new RequestException(response.getStatusText() + ":\n" + response.getText()));
return;
}
if (response.getText().contains("Access Denied"))
{
Window.alert("Incorrect username or password entered. Please try again.");
}
else
{
System.out.println("IT WORKED!!!");
}
}
@Override
public void onError(Request request, Throwable exception)
{
Window.alert(exception.getMessage());
}
});
try
{
rb.send();
}
catch (RequestException e)
{
SC.say(e.getMessage());
}
[re-update]
If the auth-constraint is uncommented, the onModuleLoad method is never called. Anyone know of why it might be doing that?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论