The OFBiz login mechanism
Source: Internet  Published: Software project implementation costs  Editor: 程序博客网  Time: 2024/05/17 06:29
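OFBiz's login handling is fairly complete and implements single sign-on. Below is the basic OFBiz login flow as I recorded it.
org.ofbiz.securityext.login.LoginEvents has a static variable, loggedInSessions,
that stores all logged-in users and the webapps they are logged in to. This makes single sign-on much easier to provide.
The login configuration in controller.xml: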
<request-map uri="login">
    <security https="true" auth="false"/>
    <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
</request-map>
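After the user name and password are entered, the OFBiz front controller calls the static method login of the class org.ofbiz.securityext.login.LoginEvents.
- Get the user name and password and handle their case.
// Read the credentials from the request, falling back to the session.
String username = request.getParameter("USERNAME");
String password = request.getParameter("PASSWORD");
if (username == null) username = (String) session.getAttribute("USERNAME");
if (password == null) password = (String) session.getAttribute("PASSWORD");
// Optionally fold case, as configured in security.properties.
if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) {
    username = username.toLowerCase();
}
// With password.lowercase=true passwords become case-insensitive, which shrinks the password space.
if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
    password = password.toLowerCase();
}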
- Check whether the user is already logged in.
// With login.lock.active=true, reject a user ID that is already logged in from a different session.
if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.lock.active"))) {
    boolean userIdLoggedIn = isLoggedInSession(username, request, false);
    boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
    if (userIdLoggedIn && !thisUserLoggedIn) {
        request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
        return "error";
    }
}
Prepare the visit
// get the visit id to pass to the userLogin for history
String visitId = VisitHandler.getVisitId(session);
visit = delegator.makeValue("Visit", null);
Long nextId = delegator.getNextSeqId("Visit");
visit.set("visitId", nextId.toString());
visit.set("sessionId", session.getId());
visit.set("fromDate", new Timestamp(session.getCreationTime()));
InetAddress address = InetAddress.getLocalHost();
if (address != null) {
    visit.set("serverIpAddress", address.getHostAddress());
    visit.set("serverHostName", address.getHostName());
} else {
    Debug.logError("Unable to get localhost internet address, was null", module);
}
visit.create();
session.setAttribute("visit", visit);
Perform the authentication
result = dispatcher.runSync("userLogin", UtilMisc.toMap("login.username", username, "login.password", password, "visitId", visitId));
Handle the authentication result (1. check whether the user has the base permission)
ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath);
String permission = info.getBasePermission();
if (!"NONE".equals(permission) && !security.hasEntityPermission(permission, "_VIEW", userLogin)) {
    return false;
}
(2. complete the basic login process)
// let the visit know who the user is
VisitHandler.setUserLogin(session, userLogin, false);
loginToSession(userLogin, request);
loginToSession adds the userLoginId, together with the webappName and session.getId(), to the static variable loggedInSessions.
public static Map loggedInSessions = new HashMap();
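The login-lock check and the loggedInSessions registry described above, as an added Java model (not OFBiz source code and not part of the original post). The nested map layout, the class name LoginLockDemo, the logout helper and the use of ConcurrentHashMap are assumptions made for the example; the user, webapp name and session IDs are constructed.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Simplified model of the login-lock check; hypothetical class, not OFBiz code. */
public class LoginLockDemo {
    // userLoginId -> (webappName -> sessionId). The layout is an assumption based on the
    // description above. ConcurrentHashMap is chosen because every request thread shares
    // this static map; a plain HashMap would need external synchronization.
    static final Map<String, Map<String, String>> loggedInSessions = new ConcurrentHashMap<>();

    /** checkSessionId=false: is the user logged in anywhere? true: in this exact session? */
    static boolean isLoggedInSession(String userLoginId, String webappName,
                                     String sessionId, boolean checkSessionId) {
        Map<String, String> webapps = loggedInSessions.get(userLoginId);
        if (webapps == null || webapps.isEmpty()) return false;
        if (!checkSessionId) return true;
        return sessionId.equals(webapps.get(webappName));
    }

    /** Mirrors the login.lock.active branch: a second, different session is rejected. */
    static String login(String userLoginId, String webappName, String sessionId, boolean lockActive) {
        if (lockActive) {
            boolean userIdLoggedIn = isLoggedInSession(userLoginId, webappName, sessionId, false);
            boolean thisUserLoggedIn = isLoggedInSession(userLoginId, webappName, sessionId, true);
            if (userIdLoggedIn && !thisUserLoggedIn) return "error";
        }
        loggedInSessions.computeIfAbsent(userLoginId, k -> new ConcurrentHashMap<>())
                        .put(webappName, sessionId);
        return "success";
    }

    /** Has to run on logout and on session expiry, otherwise the lock is never released. */
    static void logout(String userLoginId, String webappName) {
        Map<String, String> webapps = loggedInSessions.get(userLoginId);
        if (webapps != null) webapps.remove(webappName);
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        System.out.println(login("admin", "webtools", "SESSION-A", true)); // first login
        System.out.println(login("admin", "webtools", "SESSION-A", true)); // same session again
        System.out.println(login("admin", "webtools", "SESSION-B", true)); // different session
        logout("admin", "webtools");
        System.out.println(login("admin", "webtools", "SESSION-B", true)); // after logout
    }
}
```

In this model the registry entry is the only thing that releases the lock, so a session that times out without a cleanup hook leaves the user locked out until the entry is removed.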