【问题标题】:ServletRequestListener - Getting the userprincipal returns nullServletRequestListener - 获取 userprincipal 返回 null
【发布时间】:2013-04-18 14:10:17
【问题描述】:
我有一个使用 HTTP-Basic 身份验证保护的 Web 应用程序。
我还使用ServletRequestListener 接口实现了一个过滤器。现在当过滤器调用requestInitialized方法时,请求的getUserPrincipal-Method返回null。但是当我检查请求标头时,授权标头设置为加密值。代码如下:
@Override
public void requestInitialized(ServletRequestEvent e) {
HttpServletRequest request = (HttpServletRequest) e.getServletRequest();
//p is null
Principal p = request.getUserPrincipal();
Enumeration<String> enH = request.getHeaders("Authorization");
while (enH.hasMoreElements()) {
String s = enH.nextElement();
System.out.println(s);
//prints.
//Basic c3RhY2tvdmVyZmxvdzpteXBhc3N3b3Jk
}
}
为什么userprincipal没有初始化?
【问题讨论】:
-
一些有关如何设置嵌入式码头的详细信息会很有用。知道您可能需要设置 LoginService + Constraint + ConstraintMapping + Roles + ConstraintSecurityHandler ...example
标签:
java-ee-6
embedded-jetty
servlet-3.0
basic-authentication
【解决方案1】:
您可能没有为嵌入式码头设置所需的安全层。
这是在Jetty embedded examples source tree 中找到的example。
package org.eclipse.jetty.embedded;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.security.Constraint;
public class SecuredHelloHandler
{
public static void main(String[] args) throws Exception
{
Server server = new Server(8080);
LoginService loginService = new HashLoginService("MyRealm","src/test/resources/realm.properties");
server.addBean(loginService);
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
server.setHandler(security);
Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate( true );
constraint.setRoles(new String[]{"user", "admin"});
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );
Set<String> knownRoles = new HashSet<String>();
knownRoles.add("user");
knownRoles.add("admin");
security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
security.setStrict(false);
// Your Handler (or Servlet) that should be secured
HelloHandler hh = new HelloHandler();
security.setHandler(hh);
server.start();
server.join();
}
}
【解决方案2】:
我通过使用过滤器而不是侦听器来解决它..
@WebFilter(urlPatterns = { "/*" })
public class RequestFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain fChain) throws IOException, ServletException {
HttpServletRequest hReq = (HttpServletRequest) req;
//p is not null anymore
Principal p = hReq.getUserPrincipal();
fChain.doFilter(hReq, res);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig config) throws ServletException {
}
}