通过 GWT 按钮使用 Jetty 进行身份验证

发布于 2024-11-07 12:14:05 字数 3675 浏览 3 评论 0原文

我正在尝试使用 SmartGWT 创建登录页面,并且一直在尝试让表单身份验证与嵌入了 Eclipse 的 GWT 插件的 Jetty 服务器一起使用。我有一个使用 TextItems 获取用户名和密码的页面,然后一旦按下登录按钮,我就需要进行身份验证。

我已经设置了 jetty-web.xml 文件来创建一个自定义领域,该领域目前不执行任何操作,只是告诉我它的方法正在被调用,这样我就知道它正在工作,因为一旦我进入那里,我就很高兴当然我能弄清楚剩下的事情。

jetty-web.xml

<Configure class="org.mortbay.jetty.webapp.WebAppContext">
    <Get name="SecurityHandler">
        <Call name="setUserRealm">
            <Arg>
                <New class="custom.realm.CustomRealm">
                    <Set name="name">CustomRealm</Set>
                </New>
            </Arg>
        </Call>

        <Call name="setAuthenticator">
            <Arg>
                <New class="org.mortbay.jetty.security.FormAuthenticator">
                    <Set name="loginPage">/login.html</Set>
                    <Set name="errorPage">/login.html</Set>
                </New>
            </Arg>
        </Call>
    </Get>
</Configure>

[编辑 05/18 1:16pm]

我的 CustomRealm 扩展了 Jetty 的 HashUserRealm,不知道这是否会导致问题,btu 想我也会提到它。

我还在我的 web.xml 文件

web.xml 片段

<security-constraint>
    <web-resource-collection>        
        <web-resource-name>Login</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint> -->

</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>CustomRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login.html</form-login-page>
    </form-login-config>
</login-config>

中设置了安全约束,老实说,我对做这类事情还很陌生。我不确定我是否需要约束。被注释掉了,因为当我取消注释时,页面根本不会加载。

根据我所读到的内容,我认为使用 Jetty 的安全约束应该会弹出一个浏览器登录对话框。这不是我想要发生的事情,而且实际上也不想发生。所以我不确定我在那里做错了什么。

我还在 GWT 中找到了 RequestBuilder 类,但这似乎没有做任何我想要的事情。我需要登录按钮以某种方式调用自定义领域中的身份验证方法。我想知道是否有办法做到这一点?或者至少指向正确的方向,因为我一直在寻找但没有发现任何东西。

提前致谢。

[编辑 05/18 上午 8:56] 在彼得的建议之后添加我的 RequestBuilder 现在的设置方式

RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, "login.html");
StringBuilder postData = new StringBuilder();
postData.append(URL.encode("j_username")).append("=").append(URL.encode(getUsername()));
postData.append("&");
postData.append(URL.encode("j_password")).append("=").append(URL.encode(getPassword()));
rb.setRequestData(postData.toString());
rb.setHeader("Content-type", "application/x-www-form-urlencoded");
rb.setCallback(new RequestCallback() {
    @Override
    public void onResponseReceived(Request request, Response response)
    {
        if (response.getStatusCode() != Response.SC_OK)         
        {
            onError(request, new RequestException(response.getStatusText() + ":\n" + response.getText()));
            return;
        }

        if (response.getText().contains("Access Denied"))
        {
            Window.alert("Incorrect username or password entered. Please try again.");
        }
        else
        {
            System.out.println("IT WORKED!!!");
        }
    }

    @Override
    public void onError(Request request, Throwable exception)
    {
        Window.alert(exception.getMessage());
    }
});

try
{
    rb.send();
}
catch (RequestException e)
{
    SC.say(e.getMessage());
}

[重新更新] 如果 auth-constraint 未注释,则永远不会调用 onModuleLoad 方法。有人知道为什么会这样做吗?

I'm trying to create a login page using SmartGWT and have been trying to get Form Authentication to work with the Jetty server embedded with the GWT plug-in for Eclipse. I have a page that takes a username and password using TextItems, then once the login button is pressed I need the authentication to take place.

I've set up my jetty-web.xml file to create a custom realm, which currently doesn't do anything but tell me it's methods are being called, just so I know it's working, as once I get in there, I pretty sure I can figure the rest out.

jetty-web.xml

<Configure class="org.mortbay.jetty.webapp.WebAppContext">
    <Get name="SecurityHandler">
        <Call name="setUserRealm">
            <Arg>
                <New class="custom.realm.CustomRealm">
                    <Set name="name">CustomRealm</Set>
                </New>
            </Arg>
        </Call>

        <Call name="setAuthenticator">
            <Arg>
                <New class="org.mortbay.jetty.security.FormAuthenticator">
                    <Set name="loginPage">/login.html</Set>
                    <Set name="errorPage">/login.html</Set>
                </New>
            </Arg>
        </Call>
    </Get>
</Configure>

[edit 05/18 1:16pm]

My CustomRealm extends Jetty's HashUserRealm, dunno if that may cause issues, btu figured I'd mention it as well.

I've also set up a security constraint in my web.xml file

web.xml snippet

<security-constraint>
    <web-resource-collection>        
        <web-resource-name>Login</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint> -->

</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>CustomRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login.html</form-login-page>
    </form-login-config>
</login-config>

I'm fairly new to doing this type of stuff, tbh. I'm not sure I need the constraint. The is commented out because when I had it uncommented the page wouldn't load, at all.

From what I've read, I gather that using the security constraint with Jetty should pop-up a browser login dialog. That's not what I want to have happen, and it actually doesn't anyways. So I'm unsure of what I'm doing wrong there.

I also found the RequestBuilder class in GWT, but that doesn't seem to be doing anything I want it to. I need the login button to somehow call the authenticate method in my custom realm. I'm wondering if there is a way to do this? Or at least be pointed in the right direction, cause I've been looking and haven't found anything.

thanks in advance.

[edit 05/18 8:56am]
adding how my RequestBuilder is set up now after Peter's suggestion

RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, "login.html");
StringBuilder postData = new StringBuilder();
postData.append(URL.encode("j_username")).append("=").append(URL.encode(getUsername()));
postData.append("&");
postData.append(URL.encode("j_password")).append("=").append(URL.encode(getPassword()));
rb.setRequestData(postData.toString());
rb.setHeader("Content-type", "application/x-www-form-urlencoded");
rb.setCallback(new RequestCallback() {
    @Override
    public void onResponseReceived(Request request, Response response)
    {
        if (response.getStatusCode() != Response.SC_OK)         
        {
            onError(request, new RequestException(response.getStatusText() + ":\n" + response.getText()));
            return;
        }

        if (response.getText().contains("Access Denied"))
        {
            Window.alert("Incorrect username or password entered. Please try again.");
        }
        else
        {
            System.out.println("IT WORKED!!!");
        }
    }

    @Override
    public void onError(Request request, Throwable exception)
    {
        Window.alert(exception.getMessage());
    }
});

try
{
    rb.send();
}
catch (RequestException e)
{
    SC.say(e.getMessage());
}

[re-update]
If the auth-constraint is uncommented, the onModuleLoad method is never called. Anyone know of why it might be doing that?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文