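OFBiz has a fairly complete login implementation that also supports single sign-on. Below are the author's notes on the basic OFBiz login flow.
org.ofbiz.securityext.login.LoginEvents has a static variable
that stores every logged-in user and the webapps each user is logged in to, which makes single sign-on much easier to provide.
The login request is configured in controller.xml: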
<request-map uri="login">
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
After the username and password are submitted, the OFBiz front controller calls the static method login in the class org.ofbiz.securityext.login.LoginEvents.
- Get the username and password and handle letter case.
String username = request.getParameter("USERNAME");
String password = request.getParameter("PASSWORD");

if (username == null) username = (String) session.getAttribute("USERNAME");
if (password == null) password = (String) session.getAttribute("PASSWORD");

if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase"))))
{
    username = username.toLowerCase();
}
if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase"))))
{
    password = password.toLowerCase();
}
- Check whether the user is already logged in.
if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.lock.active")))
{
    boolean userIdLoggedIn = isLoggedInSession(username, request, false);
    boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
    if (userIdLoggedIn && !thisUserLoggedIn) {
        request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
        return "error";
    }
}
- Prepare the visit.
// get the visit id to pass to the userLogin for history
String visitId = VisitHandler.getVisitId(session);
visit = delegator.makeValue("Visit", null);
Long nextId = delegator.getNextSeqId("Visit");
visit.set("visitId", nextId.toString());
visit.set("sessionId", session.getId());
visit.set("fromDate", new Timestamp(session.getCreationTime()));
InetAddress address = InetAddress.getLocalHost();

if (address != null)
{
    visit.set("serverIpAddress", address.getHostAddress());
    visit.set("serverHostName", address.getHostName());
}
else
{
    Debug.logError("Unable to get localhost internet address, was null", module);
}
visit.create();
session.setAttribute("visit", visit);
- Perform the authentication.
result = dispatcher.runSync("userLogin", UtilMisc.toMap("login.username", username, "login.password", password, "visitId", visitId));
- Handle the authentication result (1. Check whether the user has the base permission.)
ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath);
String permission = info.getBasePermission();
if (!"NONE".equals(permission) && !security.hasEntityPermission(permission, "_VIEW", userLogin))
{
    return false;
}
(2. Complete the basic login process.)
session.setAttribute("userLogin", userLogin);
// let the visit know who the user is
VisitHandler.setUserLogin(session, userLogin, false);
loginToSession(userLogin, request);
The call loginToSession(userLogin, request); adds the userLoginId, together with the webappName and session.getId(), to the static variable loggedInSessions.
public static Map loggedInSessions = new HashMap();
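
The login-lock check above (userIdLoggedIn && !thisUserLoggedIn) depends on how loggedInSessions is keyed and cleaned up. The following is an added example, not OFBiz code: it assumes a userLoginId -> (webappName -> sessionId) layout, takes plain String parameters instead of the request object, and introduces a hypothetical logoutFromSession helper. It uses ConcurrentHashMap because a plain HashMap shared by request threads is not thread-safe.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not OFBiz code. Assumed layout: userLoginId -> (webappName -> sessionId).
public class SessionRegistry {
    private static final Map<String, Map<String, String>> loggedInSessions = new ConcurrentHashMap<>();

    // Record that userLoginId is logged in to webappName under sessionId.
    static void loginToSession(String userLoginId, String webappName, String sessionId) {
        loggedInSessions.computeIfAbsent(userLoginId, k -> new ConcurrentHashMap<>())
                        .put(webappName, sessionId);
    }

    // checkThisSession == false: is the user logged in to this webapp from any session?
    // checkThisSession == true:  is the recorded session for this webapp the caller's own?
    static boolean isLoggedInSession(String userLoginId, String webappName,
                                     String sessionId, boolean checkThisSession) {
        if (userLoginId == null) return false;
        Map<String, String> webapps = loggedInSessions.get(userLoginId);
        if (webapps == null) return false;
        String recorded = webapps.get(webappName);
        if (recorded == null) return false;
        return !checkThisSession || recorded.equals(sessionId);
    }

    // Hypothetical helper: release the entry on logout or session expiry,
    // but only if it still belongs to the session that is going away.
    static void logoutFromSession(String userLoginId, String webappName, String sessionId) {
        Map<String, String> webapps = loggedInSessions.get(userLoginId);
        if (webapps != null) webapps.remove(webappName, sessionId);
    }

    // The login.lock.active decision from the page: reject when another session holds the login.
    static boolean lockedOut(String userLoginId, String webappName, String sessionId) {
        return isLoggedInSession(userLoginId, webappName, sessionId, false)
            && !isLoggedInSession(userLoginId, webappName, sessionId, true);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        loginToSession("admin", "ecommerce", "S1");
        System.out.println("same session locked out:   " + lockedOut("admin", "ecommerce", "S1"));
        System.out.println("second session locked out: " + lockedOut("admin", "ecommerce", "S2"));
        logoutFromSession("admin", "ecommerce", "S2"); // not the owning session, entry is kept
        System.out.println("after foreign logout:      " + lockedOut("admin", "ecommerce", "S2"));
        logoutFromSession("admin", "ecommerce", "S1"); // owning session releases the lock
        System.out.println("after owner logout:        " + lockedOut("admin", "ecommerce", "S2"));
    }
}
```

If entries are not removed when a session expires without an explicit logout, the lock keeps rejecting the legitimate user, so the cleanup path matters as much as the check itself.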