Đây là giải pháp của tôi, nó phù hợp với tôi:Chỉnh sửa face-config.xml:
<lifecycle>
<phase-listener>
com.xxx.admin.security.Login
</phase-listener>
</lifecycle>
Đăng nhập lớp:
public class Login implements PhaseListener {
private static final String USER_LOGIN_OUTCOME = "login";
@Override
public void afterPhase(PhaseEvent event) {
FacesContext context = event.getFacesContext();
if (userExists(context)) {
// 1. Update last login
// 2. may be expired ???
ExternalContext extContext = context.getExternalContext();
try {
ETT_UserDTL tmpUser = (ETT_UserDTL) extContext.getSessionMap().get(User.USER_SESSION_KEY);
if (!Authenticator.authenticateUser(tmpUser, context)) {
// send the user to the login view
reLogin(context);
} else {
;
}
// allow processing of the requested view
} catch (Exception ex) {
SystemLogger.getLogger().error(ex);
ClientMessage.logErr(ex.toString());
reLogin(context);
}
} else {
// send the user to the login view
reLogin(context);
}
}
private boolean userExists(FacesContext context) {
// Need re-check authenticator here.
// Check user exist
ExternalContext extContext = context.getExternalContext();
return (extContext.getSessionMap().containsKey(User.USER_SESSION_KEY));
}
private void reLogin(FacesContext context) {
// send the user to the login view
if (requestingSecureView(context)) {
context.responseComplete();
context.getApplication().
getNavigationHandler().handleNavigation(context,
null,
USER_LOGIN_OUTCOME);
} else {
;
}
}
}
Xác thực LDAP:
public class LDAPAuthentication {
static String ATTRIBUTE_FOR_USER = "sAMAccountName";
@SuppressWarnings("unchecked")
public Attributes authenticateUser(String username, String password, String strDomain, String strHost, String dn) throws NamingException {
String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "=" + username + "))";
// Create the search controls
SearchControls searchCtls = new SearchControls();
// searchCtls.setReturningAttributes(returnedAtts);
// Specify the search scope
searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
String searchBase = dn;
Hashtable environment = new Hashtable();
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// Using starndard Port, check your instalation
environment.put(Context.PROVIDER_URL, "ldap://" + strHost);
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.SECURITY_PRINCIPAL, username + "@" + strDomain);
environment.put(Context.SECURITY_CREDENTIALS, password);
LdapContext ctxGC = null;
try {
ctxGC = new InitialLdapContext(environment, null);
// Search for objects in the GC using the filter
NamingEnumeration answer = ctxGC.search(searchBase, searchFilter, searchCtls);
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
return attrs;
}
}
} catch (Exception e) {
SystemLogger.getLogger().error(e);
}
return null;
}
}
Xác thực:
public static boolean authenticateLDAPUser(String strUser, String strPass, String strDomain, String strHost) throws NamingException, Exception {
LDAPAuthentication ldap = new LDAPAuthentication();
Attributes att = ldap.authenticateUser(strUser, strPass, strDomain, strHost, "");
if (att != null) {
try {
ETT_UserDTL tmpUser = (ETT_UserDTL) DataUtil.performAction(DATA_UserGUI.class, "getInfByUserName", strUser);
tmpUser.setPassword(strPass);
if (!otherAuthenticate(tmpUser)) {
Authenticator.removeUser();
return false;
} else {
;
}
pushUser(tmpUser);
return true;
} catch (TelsoftException ex) {
SystemLogger.getLogger().error(ex);
return false;
}
} else {
updateLoginFail();
return false;
}
}
