ofbiz 的登录比较完善,并且实现了单点登录,下面是笔者记录的ofbiz登录的基本过程.
在org.ofbiz.securityext.login.LoginEvents中有静态变量
保存了所有已登录的用户以及用户登录的 webapp,这样为单点登录提供了很大的方便.
在controller.xml中登录配置:
<request-map uri="login">
<!-- https="true" presumably forces this request onto HTTPS; auth="false" lets it run without an existing login, since it is the login entry point itself. -->
<security https="true" auth="false"/>
<!-- The event calls the static LoginEvents.login method; "success" renders the main view, "error" returns to the login view. -->
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
<security https="true" auth="false"/>
<event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/>
<response name="success" type="view" value="main"/>
<response name="error" type="view" value="login"/>
</request-map>
用户输入用户名和密码并提交后,ofbiz 的前端控制器将调用 org.ofbiz.securityext.login.LoginEvents 类中的静态方法 login.
- 得到用户名和密码并处理大小写.
// Credentials are taken from the request first; if absent, fall back to values previously stored in the session.
String username = request.getParameter("USERNAME");
String password = request.getParameter("PASSWORD");
if (username == null) username = (String) session.getAttribute("USERNAME");
// NOTE(review): a plaintext password is read back from session state, so it is stored there somewhere;
// confirm where "PASSWORD" is set and that it is removed once login completes, so it does not outlive this request.
if (password == null) password = (String) session.getAttribute("PASSWORD");
// Case folding is controlled by security.properties. Lower-casing the username is harmless; lower-casing the
// password shrinks the effective password space, so password.lowercase should normally stay off.
// toLowerCase() without a Locale is locale-dependent (e.g. Turkish dotless i); Locale.ROOT would make it deterministic.
if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) {
username = username.toLowerCase();
}
if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
password = password.toLowerCase();
}
String password = request.getParameter("PASSWORD");
if (username == null) username = (String) session.getAttribute("USERNAME");
if (password == null) password = (String) session.getAttribute("PASSWORD");
if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) {
username = username.toLowerCase();
}
if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
password = password.toLowerCase();
}
- 判断该用户是否已经登录
// Optional "login lock": when login.lock.active is on, refuse the login if this user already has a live
// session other than the current one. The third argument to isLoggedInSession presumably restricts the
// check to the current session — confirm against its implementation.
// NOTE(review): this runs before the password is verified (the userLogin service is called later), so an
// unauthenticated client can learn whether a given username currently has a live session; running the
// check after successful authentication would close that oracle.
if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.lock.active"))) {
boolean userIdLoggedIn = isLoggedInSession(username, request, false);
boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
if (userIdLoggedIn && !thisUserLoggedIn) {
// Fixed literal containing markup; it looks like it is rendered as raw HTML, so keep user-supplied text out of it unless escaped.
request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
return "error";
}
}
boolean userIdLoggedIn = isLoggedInSession(username, request, false);
boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
if (userIdLoggedIn && !thisUserLoggedIn) {
request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
return "error";
}
}
- 准备 visit(访问记录)
// get the visit id to pass to the userLogin for history
// (VisitHandler creates the Visit record for this session if none exists yet; see the snippet below)
String visitId = VisitHandler.getVisitId(session);
String visitId = VisitHandler.getVisitId(session);
// Build and persist a new Visit row tied to this HTTP session, then cache it in the session.
visit = delegator.makeValue("Visit", null);
Long nextId = delegator.getNextSeqId("Visit");
visit.set("visitId", nextId.toString());
// NOTE(review): the session id is a bearer credential; once persisted, treat this column as sensitive data.
visit.set("sessionId", session.getId());
visit.set("fromDate", new Timestamp(session.getCreationTime()));
// Address/host of this server node. InetAddress.getLocalHost() signals failure with UnknownHostException
// rather than returning null, so the else branch below is effectively unreachable.
InetAddress address = InetAddress.getLocalHost();
if (address != null) {
visit.set("serverIpAddress", address.getHostAddress());
visit.set("serverHostName", address.getHostName());
} else {
Debug.logError("Unable to get localhost internet address, was null", module);
}
visit.create();
session.setAttribute("visit", visit);
Long nextId = delegator.getNextSeqId("Visit");
visit.set("visitId", nextId.toString());
visit.set("sessionId", session.getId());
visit.set("fromDate", new Timestamp(session.getCreationTime()));
InetAddress address = InetAddress.getLocalHost();
if (address != null) {
visit.set("serverIpAddress", address.getHostAddress());
visit.set("serverHostName", address.getHostName());
} else {
Debug.logError("Unable to get localhost internet address, was null", module);
}
visit.create();
session.setAttribute("visit", visit);
- 调用 userLogin 服务进行验证
// Authenticate synchronously via the userLogin service. The plaintext password travels in the service
// context map, so make sure service-engine/dispatcher logging never dumps this context.
result = dispatcher.runSync("userLogin", UtilMisc.toMap("login.username", username, "login.password", password, "visitId", visitId));
处理验证结果(1. 判断用户是否具有该 webapp 的基本权限)
// Base-permission gate for the target webapp: a webapp that declares a base permission other than "NONE"
// requires the user to hold its _VIEW permission. This excerpt comes from a boolean-returning helper whose
// signature is not shown here.
ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath);
String permission = info.getBasePermission();
if (!"NONE".equals(permission) && !security.hasEntityPermission(permission, "_VIEW", userLogin)) {
return false;
}
String permission = info.getBasePermission();
if (!"NONE".equals(permission) && !security.hasEntityPermission(permission, "_VIEW", userLogin)) {
return false;
}
(2.完成基本的登录过程)
// Bind the authenticated userLogin to the HTTP session, link it to the Visit, and register it for single sign-on.
// NOTE(review): no session-id renewal is visible here; if the container does not rotate the id at login,
// the pre-authentication session id remains valid after login (session fixation) — confirm this is handled elsewhere.
session.setAttribute("userLogin", userLogin);
// let the visit know who the user is
VisitHandler.setUserLogin(session, userLogin, false);
loginToSession(userLogin, request);
// let the visit know who the user is
VisitHandler.setUserLogin(session, userLogin, false);
loginToSession(userLogin, request);
loginToSession(userLogin, request);
表示在静态变量 loggedInSessions 中加入 userLoginId,以及 webappName 和 session.getId().
// Registry of live logins (userLoginId -> webapp/session information, per the description above) that backs single sign-on.
// NOTE(review): a public, raw, unsynchronized HashMap shared by every request thread — concurrent writes can
// corrupt it, and any class can mutate it directly. A private ConcurrentHashMap behind accessor methods would be safer.
public static Map loggedInSessions = new HashMap();