Figure 10 Compile Successful screen

Then redeploy, for example: Build Deploy

Figure 11 Deployment Successful screen

Now open the browser and run through the process above once more. When you enter http://localhost:8080/petstore/index.jsp, watch the RI Console: it shows the login page and login failure page URLs:

Figure 12 Login page and login failure page URLs

From the home page, choose the user account browsing page. The RI Console shows the destination page URL and finds that Customer.do is a protected page:

Figure 13 Destination page URL, with Customer.do found

This brings us to the second phase, Signon.Screen. From ScreenDefinitions_en_us.xml we can find that its corresponding file is Signon.jsp, whose source is located in PetStore_Home/SRC/Apps/PetStore/SRC/DOCROOT. Open it and look at around line 53:
yes. B>
tr>
User name: b> td>
waf: value> waf: input> td> Tr>
(remainder omitted ...)

This is a typical web form input screen, built with JSTL and Pet Store's own custom tags. These tags are not the focus of this article; readers should refer to the relevant documents and books.

We put the focus on the process. Note the bold part of the program fragment above: the user enters an account (user name) and password and presses the SIGN button, and the web server is asked to send the request to the odd-looking URL "j_signon_check". Going back to SignOnFilter, this URL can be found among the initial variable declarations, at around line 70:

    public static final String FORM_SIGNON_URL = "j_signon_check";

In doFilter(), the following code receives the request for authentication. Along the way we add debug code, so that the program flow is easy to verify:

    // Check whether the request comes from the login screen (Signon.Screen) and do the verification
    if ((targetURL != null) && targetURL.equals(FORM_SIGNON_URL)) {
        System.out.println("Form Signon Check");
        validateSignOn(request, response, chain);
        // jump out of this method
        return;
    }

User verification is then done in validateSignOn(). It extracts the field values the user entered from the request. If the user checked Remember My User Name, it creates a cookie that records the user account. It then reads the data from the database through the EJB tier and compares it. If verification succeeds, it stores the user account (USER_NAME) and the already-logged-in flag (SIGNED_ON_USER) in the session, retrieves the saved original URL (ORIGINAL_URL), and redirects to our destination, the user basic data browsing screen (Customer.do). If verification fails, the page is redirected to the login failure screen (signon_error.screen). Readers can follow the flow with the debug code.
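An added example, not part of the original article or the Pet Store source: the checks a reviewer would put after a successful credential check in the flow just described, namely issuing a new session id, setting flags on the remembered-user cookie, and falling back when the saved URL is missing or is not a relative path. It assumes the javax.servlet 3.1+ API; the class name, the attribute and cookie name values, and the defaultPage parameter are hypothetical. The article's own validateSignOn() listing follows it.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: post-authentication steps for a form sign-on filter (Servlet 3.1+ assumed). */
public final class SignOnHardening {
    // Placeholder values standing in for the filter's own constants (assumed, not from the page).
    static final String USER_NAME = "user_name";
    static final String SIGNED_ON_USER = "signed_on_user";
    static final String ORIGINAL_URL = "original_url";
    static final String COOKIE_NAME = "remembered_user";

    /** Call only after the credential check has succeeded. */
    public static void completeSignOn(HttpServletRequest hreq, HttpServletResponse hres,
                                      String userName, boolean remember, String defaultPage)
            throws IOException {
        HttpSession session = hreq.getSession();
        // Read the saved destination, then issue a fresh session id so that an id
        // known before login does not become an authenticated one.
        String target = (String) session.getAttribute(ORIGINAL_URL);
        hreq.changeSessionId();
        session.setAttribute(USER_NAME, userName);
        session.setAttribute(SIGNED_ON_USER, Boolean.TRUE);
        session.removeAttribute(ORIGINAL_URL);

        if (remember) {
            Cookie c = new Cookie(COOKIE_NAME, userName);
            c.setMaxAge(2678400);          // one month, as in the listing
            c.setHttpOnly(true);           // not readable from page script
            c.setSecure(hreq.isSecure());  // HTTPS-only when the login came over HTTPS
            c.setPath(hreq.getContextPath() + "/");
            hres.addCookie(c);
        }
        hres.sendRedirect(safeTarget(target, defaultPage));
    }

    /** Accept only relative paths inside the application; otherwise fall back. */
    static String safeTarget(String target, String defaultPage) {
        if (target == null || target.isEmpty()) return defaultPage;
        boolean rejected = target.contains("://") || target.startsWith("//")
                || target.contains("\\") || target.contains("\r") || target.contains("\n");
        return rejected ? defaultPage : target;
    }
}
```

On containers older than Servlet 3.1, changeSessionId() is unavailable; the equivalent is to invalidate the old session and copy the needed attributes into a new one.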
    public void validateSignOn(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Extract the field values entered by the user from the request
        // convert to a http servlet request for now
        HttpServletRequest hreq = (HttpServletRequest) request;
        HttpServletResponse hres = (HttpServletResponse) response;
        // get the user name
        String userName = hreq.getParameter(FORM_USER_NAME);
        // get the password
        String password = hreq.getParameter(FORM_PASSWORD);
        // check if the user wants userName set in cookie
        String rememberUserName = hreq.getParameter(...);
        // If the user checked Remember My User Name, create a cookie recording the user account
        if (rememberUserName != null) {
            // set a cookie with the username in it
            Cookie userNameCookie = new Cookie(COOKIE_NAME, userName);
            // set cookie to last for one month
            userNameCookie.setMaxAge(2678400);
            hres.addCookie(userNameCookie);
        } else {
            // see if the cookie ...
            if (cookies != null) {
                for (int loop = 0; loop ...
        ...
        // Account and password verification
        boolean authenticated = signOn.authenticate(userName, password);
        if (authenticated) {
            // Verification succeeded: store the user account (USER_NAME) and the
            // already-logged-in flag (SIGNED_ON_USER) in the session
            // place a true boolean in the session
            if (hreq.getSession().getAttribute(USER_NAME) != null) {
                hreq.getSession().removeAttribute(USER_NAME);
            }
            hreq.getSession().setAttribute(USER_NAME, userName);
            // remove the sign on user key before putting it back in
            if (hreq.getSession().getAttribute(SIGNED_ON_USER) != null) {
                hreq.getSession().removeAttribute(SIGNED_ON_USER);
            }
            hreq.getSession().setAttribute(SIGNED_ON_USER, new Boolean(true));
            // Redirect to our destination, the user basic data browsing screen (Customer.do)
            // redirect to the original destination
            String targetURL = (String) hreq.getSession().getAttribute(ORIGINAL_URL);
            hres.sendRedirect(targetURL);
            return;
        } else {
            // Verification failed: redirect to the login failure screen (signon_error.screen)
            hres.sendRedirect(signOnErrorPage);
            return;
        }
    }

    // Obtain a reference to the SignOn local stateless session bean
    private SignOnLocal getSignOnEjb() throws ServletException {
        SignOnLocal signOn = null;
        try {
            InitialContext ic = new InitialContext();
            Object o = ic.lookup("java:comp/env/ejb/local/SignOn");
            SignOnLocalHome home = (SignOnLocalHome) o;
            signOn = home.create();
        } catch (javax.ejb.CreateException cx) {
            throw new ServletException("Failed to create SignOn EJB: caught " + cx);