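Tomcat SecurityFilter and authorization

I have implemented a simple filter that just adds two principals to the current session (see doFilter below). My problem is that this fires when I request a resource, but I am never able to see the resource because the FORM-based login screen pops up. I am trying to bypass the form-based login filter (eventually using a quickly expiring token), although nothing seems to allow me to do this.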

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httprequest = (HttpServletRequest) request;
        HttpServletResponse httpresponse = (HttpServletResponse) response;
        // Get the current session, creating one if none exists yet
        HttpSession session = httprequest.getSession(true);
        // Look up a Subject under the "javax.security.auth.subject" session attribute
        Subject subject = (Subject) session.getAttribute("javax.security.auth.subject");
        if (subject == null) {
            // No Subject found: build one with a hard-coded user and role principal
            subject = new Subject();
            PlainUserPrincipal user = new PlainUserPrincipal("admin");
            PlainRolePrincipal role = new PlainRolePrincipal("admin");
            subject.getPrincipals().add(user);
            subject.getPrincipals().add(role);
        }
        // Pass the request on to the rest of the filter chain
        chain.doFilter(httprequest, httpresponse);
    }

@Tim - Doh, concurrent edit. I rolled back to yours. – 2011-01-28 22:48:47