问题描述
我使用需要身份验证的新项目GWT和RequestFactory。
I'm using GWT and RequestFactory on a new project that needs authentication.
将在其中添加登录和注销功能的最佳地点?在UserRequestContext?
Where would be the best place to add the login and logout functions ? in a UserRequestContext ?
先谢谢了。
推荐答案
使用Servlet过滤器。
Use servlet filter.
我分裂RequestFactory调用到两个流 - 一个未经验证的电话,另一个用于身份验证的。这里是我的一块的web.xml的。
I split RequestFactory calls into two streams - one for unauthenticated calls and another one for authenticated ones. Here is piece of my web.xml.
<servlet>
<servlet-name>CustomRequestFactoryServlet</servlet-name>
<servlet-class>my.server.CustomRequestFactoryServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CustomRequestFactoryServlet</servlet-name>
<url-pattern>/gwtRequest</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CustomRequestFactoryServlet</servlet-name>
<url-pattern>/gwtRequestAuth</url-pattern>
</servlet-mapping>
然后我创建Servlet过滤器看起来像这样:
Then I created servlet filter which looks like this:
public class GaeAuthFilter implements Filter
{
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
UserService userService = UserServiceFactory.getUserService();
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (!userService.isUserLoggedIn())
{
String returnURI = "/";
String requestURI = request.getRequestURI();
String refererURI = request.getHeader("Referer");
if (requestURI.equals("/gwtRequestAuth"))
{
if (refererURI != null)
returnURI = refererURI;
} else
returnURI = requestURI;
response.setHeader("login", userService.createLoginURL(returnURI));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
LoginService.login(request);
filterChain.doFilter(request, response);
}
}
正如你可以看到我设置登录的HTTP标头URL要权威性的网页。
As you can see I set login http-header with URL to auth webpage.
在客户端code我通过实现我自己的<一个拦截href=\"http://google-web-toolkit.google$c$c.com/svn/javadoc/latest/com/google/web/bindery/requestfactory/gwt/client/DefaultRequestTransport.html\"相对=nofollow> DefaultRequestTransport 看起来IKE这样的:
In the client code I intercept it by implementing my own DefaultRequestTransport that looks ike this:
public class GaeAuthRequestTransport extends DefaultRequestTransport
{
private final EventBus eventBus;
public GaeAuthRequestTransport(EventBus eventBus)
{
this.eventBus = eventBus;
}
@Override
protected RequestCallback createRequestCallback(final TransportReceiver receiver)
{
final RequestCallback superCallback = super.createRequestCallback(receiver);
return new RequestCallback()
{
public void onResponseReceived(Request request, Response response)
{
if (Response.SC_UNAUTHORIZED == response.getStatusCode())
{
String loginUrl = response.getHeader("login");
if (loginUrl != null)
{
receiver.onTransportFailure(new ServerFailure(
"Unauthenticated user", null, null, false /* not fatal */));
eventBus.fireEvent(new GaeAuthenticationFailureEvent(loginUrl));
return;
}
}
superCallback.onResponseReceived(request, response);
}
public void onError(Request request, Throwable exception)
{
superCallback.onError(request, exception);
}
};
}
}
射击事件是在客户端code的导航浏览器登录URL处理。
Fired event is handled in the client code that navigates browser to login URL.
这就是它。
这篇关于GWT RequestFactory认证功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!