Wicket auth-role :从 JSP 注入外部用户凭据
我正在做一个增量JSP -->检票口迁移。我保留了 JSP 应用程序并进行逐页迁移。我从 JSP 出发<-->但我的问题是在 JSP 中,我登录的用户凭据存储在 Bean (UserBean,scope:session) 中,并且在 JSP 中,我从该 Bean 检查登录的用户。
但是我怎样才能在检票口获取这些信息呢?这样,如果用户登录,则从我的 JSP 页面中,在 wicket 页面加载时,它可以读取该内容并设置 suer 信息,以便我的 wicket 登录页面不会出现。
我的 wicket 页面使用 wicket-auth-role 并检查:
@AuthorizeInstantiation("ADMIN") public class HomePage extends BasePage {.....}
我在 wicket 中有自己的 UserDetailsServcice 和 MyAuthenticationWebSession。
经过 Don Roby 的一些尝试和帮助后,我从 wicket 中的会话中获取了用户 ID:
final RequestCycle requestCycle = RequestCycle.get();
WebRequest wr=(WebRequest)requestCycle.getRequest();
HttpServletRequest hsr= wr.getHttpServletRequest();
AuthenticatedWebSession session = OrbitWebSession.get();
String username = (String)hsr.getSession().getAttribute("SessionUser");
现在,我到底可以在哪里设置用户名、密码并调用身份验证,以便我的页面不会重定向到登录页面?谁调用了authenticate()方法以及如何调用?我在我的安全页面上尝试过 onBeforeRender() 方法,但它不起作用。 :(
I am doing an incremental JSP --> Wicket migration. I had kept the JSP appliation and doing page by page migration. I gan go and return from JSP <--> wicket pages.But my problem is in JSP my logged in user credentials are stored in a Bean (UserBean,scope:session) and in JSP on each page I check logged in user from that bean.
But how can I get these informations in wicket? so that from my JSP page if a User is logged in, on wicket page load it can read that and set suer info so that my wicket log in page does not come.
my wicket page uses wicket-auth-role and checks with:
@AuthorizeInstantiation("ADMIN") public class HomePage extends BasePage {.....}
I have my own UserDetailsServcice and MyAuthenticationWebSession in wicket.
After some attempts and help from Don Roby, here I got userID from session in wicket:
final RequestCycle requestCycle = RequestCycle.get();
WebRequest wr=(WebRequest)requestCycle.getRequest();
HttpServletRequest hsr= wr.getHttpServletRequest();
AuthenticatedWebSession session = OrbitWebSession.get();
String username = (String)hsr.getSession().getAttribute("SessionUser");
Now,exactly where can I set username,password and call authenticate so that my page does not redirects to login page? Who calls authenticate() methods and how? I have tried onBeforeRender() method on my secured page,but it does not work. :(
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
更多专门围绕登录过程的代码可能会帮助我们做出更完整的答案,但基本上您必须访问正常的 servlet 容器会话,从而从 wicket 中的某个位置访问该 bean。放置该逻辑的最佳位置可能是
MyAuthenticationWebSession
中的某个位置,以便它知道用户已登录。要从 wicket 代码获取 servlet 容器会话,您可以
在此时使用 If将此放入您的 wicket 代码中,您还没有这个
WebRequest
对象(可能是ServletWebRequest
对象),您可以从请求周期:More code specifically around the login process might help us make a more complete answer, but basically you have to get access to the normal servlet container session and thus to that bean from somewhere in wicket. Likely the best place to put that logic is somewhere in your
MyAuthenticationWebSession
, so that it knows the user is logged in.To get at the servlet container session from wicket code, you can use
If at the point you're putting this in your wicket code you don't already have this
WebRequest
object (which is likely aServletWebRequest
object), you can get it from theRequestCycle
:在登录过程中,authenticate 由 AuthenticatedWebSession 调用。不幸的是,上述类中的大多数方法都被标记为最终方法,因此自定义起来有点困难。
我认为您应该能够做的是在您自己的会话的构造函数中使用受保护的方法signIn(boolean value)。您在那里收到一个请求,从中您应该能够获得“SessionUser”,然后通过 UserDetailsService 提取您的用户,调用signIn(true)并初始化该用户的正确角色。如果调用了signIn(true),则不应获得登录重定向。
authenticate is called by AuthenticatedWebSession during the login process. Unfortunately for you, most methods in the aforementioned class are marked final so it's a bit hard to customize.
What I think you should be able to do is to use the protected method signIn(boolean value) in the constructor of your own session. You get a Request there, from that you should hopefully be able to get your "SessionUser", then extract your User via your UserDetailsService, call signIn(true) and initialize the correct roles for that user. If signIn(true) is called, you shouldn't get a redirect to login.