ofbiz 的登录比较完善,并且实现了单点登录,下面是笔者记录的ofbiz登录的基本过程.
在
org.ofbiz.securityext.login.LoginEvents中有静态变量
/**//** This Map is keyed by userLoginId and the value is another Map keyed by the webappName and the value is the sessionId.
* When a user logs in an entry in this Map will be populated for the given user, webapp and session.
* When checking security this Map will be checked if the user is logged in to see if we should log them out automatically; this implements the universal logout.
* When a user logs out this Map will be cleared so the user will be logged out automatically on subsequent requests.
*/
public static Map loggedInSessions = new HashMap();
保存了所有登陆的用户和用户登录的webapp.这样为单点登录提供了很大的方便.
在controller.xml中登录配置:
<request-map uri="login">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
在输入用户名和密码后,ofbiz的前端控制器将调用org.ofbiz.securityext.login.LoginEvents类中的静态方法login.
- 得到用户名和密码并处理大小写.
String username = request.getParameter("USERNAME");
String password = request.getParameter("PASSWORD");
if (username == null) username = (String) session.getAttribute("USERNAME");
if (password == null) password = (String) session.getAttribute("PASSWORD");
if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) 
{
username = username.toLowerCase();
}
if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
password = password.toLowerCase();
}
- 判断是否登录
if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.lock.active"))) {
boolean userIdLoggedIn = isLoggedInSession(username, request, false);
boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
if (userIdLoggedIn && !thisUserLoggedIn) {
request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
return "error";
}
}
准备visit
// get the visit id to pass to the userLogin for history
String visitId = VisitHandler.getVisitId(session);
visit = delegator.makeValue("Visit", null);
Long nextId = delegator.getNextSeqId("Visit");
visit.set("visitId", nextId.toString());
visit.set("sessionId", session.getId());
visit.set("fromDate", new Timestamp(session.getCreationTime()));
InetAddress address = InetAddress.getLocalHost();
if (address != null) {
visit.set("serverIpAddress", address.getHostAddress());
visit.set("serverHostName", address.getHostName());
} else {
Debug.logError("Unable to get localhost internet address, was null", module);
}
visit.create();
session.setAttribute("visit", visit); 进行验证
result = dispatcher.runSync("userLogin", UtilMisc.toMap("login.username", username, "login.password", password, "visitId", visitId)); 处理验证结果(1.判断是否具有基本权限)
ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath);
String permission = info.getBasePermission();
if (!"NONE".equals(permission) && !security.hasEntityPermission(permission, "_VIEW", userLogin)) {
return false;
} (2.完成基本的登录过程)
session.setAttribute("userLogin", userLogin);
// let the visit know who the user is
VisitHandler.setUserLogin(session, userLogin, false);
loginToSession(userLogin, request); loginToSession(userLogin, request);
表示在静态变量中loggedInSessions加入 userLoginId 和webappName session.getId().
posted on 2005-08-05 14:51
staunch 阅读(660)
评论(0) 编辑 收藏