问题描述

我在一个需要身份验证的新项目上使用 GWT 和 RequestFactory.

I'm using GWT and RequestFactory on a new project that needs authentication.

添加登录和注销功能的最佳位置在哪里?在 UserRequestContext 中?

Where would be the best place to add the login and logout functions ? in a UserRequestContext ?

提前致谢.

推荐答案

使用 servlet 过滤器.

Use servlet filter.

我将 RequestFactory 调用分成两个流 - 一个用于未经身份验证的调用，另一个用于经过身份验证的调用.这是我的 web.xml 的一部分.

I split RequestFactory calls into two streams - one for unauthenticated calls and another one for authenticated ones. Here is piece of my web.xml.

<servlet>
    <servlet-name>CustomRequestFactoryServlet</servlet-name>
    <servlet-class>my.server.CustomRequestFactoryServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>CustomRequestFactoryServlet</servlet-name>
    <url-pattern>/gwtRequest</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>CustomRequestFactoryServlet</servlet-name>
    <url-pattern>/gwtRequestAuth</url-pattern>
</servlet-mapping>

然后我创建了如下所示的 servlet 过滤器:

Then I created servlet filter which looks like this:

public class GaeAuthFilter implements Filter
{
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
    {
        UserService userService = UserServiceFactory.getUserService();
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (!userService.isUserLoggedIn())
        {
            String returnURI = "/";

            String requestURI = request.getRequestURI();
            String refererURI = request.getHeader("Referer");
            if (requestURI.equals("/gwtRequestAuth"))
            {
                if (refererURI != null)
                    returnURI = refererURI;
            } else
                returnURI = requestURI;

            response.setHeader("login", userService.createLoginURL(returnURI));
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        LoginService.login(request);

        filterChain.doFilter(request, response);
    }
}

如您所见，我将 login http-header 与 URL 设置为 auth 网页.

As you can see I set login http-header with URL to auth webpage.

在客户端代码中，我通过实现自己的DefaultRequestTransport 看起来像这样:

In the client code I intercept it by implementing my own DefaultRequestTransport that looks ike this:

public class GaeAuthRequestTransport extends DefaultRequestTransport
{
    private final EventBus eventBus;

    public GaeAuthRequestTransport(EventBus eventBus)
    {
        this.eventBus = eventBus;
    }

    @Override
    protected RequestCallback createRequestCallback(final TransportReceiver receiver)
    {
        final RequestCallback superCallback = super.createRequestCallback(receiver);

        return new RequestCallback()
        {
            public void onResponseReceived(Request request, Response response)
            {
                if (Response.SC_UNAUTHORIZED == response.getStatusCode())
                {
                    String loginUrl = response.getHeader("login");
                    if (loginUrl != null)
                    {
                        receiver.onTransportFailure(new ServerFailure(
                                "Unauthenticated user", null, null, false /* not fatal */));
                        eventBus.fireEvent(new GaeAuthenticationFailureEvent(loginUrl));
                        return;
                    }
                }
                superCallback.onResponseReceived(request, response);
            }

            public void onError(Request request, Throwable exception)
            {
                superCallback.onError(request, exception);
            }
        };
    }
}

在浏览器导航到登录 URL 的客户端代码中处理 Fired 事件.

Fired event is handled in the client code that navigates browser to login URL.

就是这样.

这篇关于GWT RequestFactory 身份验证函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！