这是我的解决方案,对我有用:编辑faces-config.xml:
<lifecycle> <phase-listener> com.xxx.admin.security.Login </phase-listener> </lifecycle>
类登录:
public class Login implements PhaseListener { private static final String USER_LOGIN_OUTCOME = "login"; @Override public void afterPhase(PhaseEvent event) { FacesContext context = event.getFacesContext(); if (userExists(context)) { // 1. Update last login // 2. may be expired ??? ExternalContext extContext = context.getExternalContext(); try { ETT_UserDTL tmpUser = (ETT_UserDTL) extContext.getSessionMap().get(User.USER_SESSION_KEY); if (!Authenticator.authenticateUser(tmpUser, context)) { // send the user to the login view reLogin(context); } else { ; } // allow processing of the requested view } catch (Exception ex) { SystemLogger.getLogger().error(ex); ClientMessage.logErr(ex.toString()); reLogin(context); } } else { // send the user to the login view reLogin(context); } } private boolean userExists(FacesContext context) { // Need re-check authenticator here. // Check user exist ExternalContext extContext = context.getExternalContext(); return (extContext.getSessionMap().containsKey(User.USER_SESSION_KEY));}private void reLogin(FacesContext context) { // send the user to the login view if (requestingSecureView(context)) { context.responseComplete(); context.getApplication(). getNavigationHandler().handleNavigation(context, null, USER_LOGIN_OUTCOME); } else { ; } } }LDAP验证:
public class LDAPAuthentication { static String ATTRIBUTE_FOR_USER = "sAMAccountName"; @SuppressWarnings("unchecked") public Attributes authenticateUser(String username, String password, String strDomain, String strHost, String dn) throws NamingException { String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "=" + username + "))"; // Create the search controls SearchControls searchCtls = new SearchControls(); // searchCtls.setReturningAttributes(returnedAtts); // Specify the search scope searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE); String searchbase = dn; Hashtable environment = new Hashtable(); environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // Using starndard Port, check your instalation environment.put(Context.PROVIDER_URL, "ldap://" + strHost); environment.put(Context.SECURITY_AUTHENTICATION, "simple"); environment.put(Context.SECURITY_PRINCIPAL, username + "@" + strDomain); environment.put(Context.SECURITY_CREDENTIALS, password); LdapContext ctxGC = null; try { ctxGC = new InitialLdapContext(environment, null); // Search for objects in the GC using the filter NamingEnumeration answer = ctxGC.search(searchbase, searchFilter, searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); Attributes attrs = sr.getAttributes(); if (attrs != null) { return attrs; } } } catch (Exception e) { SystemLogger.getLogger().error(e); } return null; }}验证方式:
public static boolean authenticateLDAPUser(String strUser, String strPass, String strDomain, String strHost) throws NamingException, Exception { LDAPAuthentication ldap = new LDAPAuthentication(); Attributes att = ldap.authenticateUser(strUser, strPass, strDomain, strHost, ""); if (att != null) { try { ETT_UserDTL tmpUser = (ETT_UserDTL) DataUtil.performAction(DATA_UserGUI.class, "getInfByUserName", strUser); tmpUser.setPassword(strPass); if (!otherAuthenticate(tmpUser)) { Authenticator.removeUser(); return false; } else { ; } pushUser(tmpUser); return true; } catch (TelsoftException ex) { SystemLogger.getLogger().error(ex); return false; } } else { updateLoginFail(); return false; } }
