我使用 SPNEGO Filter 实现了 Windows 身份验证。一切正常:调用 request.getUserPrincipal() 时,我总是得到运行它的那个用户帐户的名称,比方说 testUser1。当我以另一个用户的身份运行浏览器时,浏览器应该使用新用户的用户名,比如 testUser2。但实际并非如此,得到的仍然是 testUser1,也就是我登录 Windows 帐户时使用的用户。我的问题是:如何从浏览器获取新的用户名,然后将其传递给 SPNEGO?
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Login view: a username/password form plus a drop-down offering "Active Directory" and "Windows".
     Facelets copies XML comments into the rendered page unless javax.faces.FACELETS_SKIP_COMMENTS
     is true, so comments in this file must stay free of EL expressions and internal detail.
     The "p" prefix is declared below but no p: element appears in this view. -->
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:p="http://xmlns.jcp.org/jsf/html"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core">
<h:head>
<title>login</title>
<h:outputStylesheet name="login.css" library="css" />
</h:head>
<h:body>
<div class="form">
<h:form>
<div id="inputText" class="inputTextVis">
<h3>LDAP and Windows Authentication</h3>
<!-- Username field, bound to the "user" property of the login bean. -->
<h:outputText value="Username" />
<h:inputText id="username" value="#{login.user}"></h:inputText>
<h:message for="username"></h:message>
<br /> <br />
<!-- Password field, bound to the "pwd" property of the login bean. -->
<h:outputText value="Password" />
<h:inputSecret id="password" value="#{login.pwd}"></h:inputSecret>
<h:message for="password"></h:message>
<br /> <br />
</div>
<!-- As far as this markup shows, the button always invokes authenticationCredentialsWindows on the
     login bean, whichever drop-down entry is selected. That action takes the identity from the
     request (getRemoteUser / getUserPrincipal) and does not read the two fields above. -->
<h:commandButton action="#{login.authenticationCredentialsWindows}" value="Login"></h:commandButton>
<br />
<br />
<!-- Authentication-mode selector bound to the "authentication" property of the login bean.
     onchange calls test(...), presumably defined in login.js loaded below; confirm. -->
<h:selectOneMenu id="drop" value="#{login.authentication}"
onchange="test(this.value)">
<f:selectItem id="dropDownValue" itemValue="Active Directory"
itemLabel="Active Directory" />
<f:selectItem itemValue="Windows" itemLabel="Windows" />
</h:selectOneMenu>
<h:outputScript name="login.js" library="javascript" />
</h:form>
</div>
</h:body>
</html>
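/**
 * JSF action for the "Windows" login path.
 *
 * <p>Reads the identity already attached to the current request and, when the request carries an
 * authenticated principal, stores the user name in the HTTP session under {@code "username"}.
 * The username and password typed into the login form are not consulted: {@code user} is
 * overwritten with {@code getRemoteUser()}, so the resulting name is whatever the upstream
 * authentication step established for this request.
 *
 * @return the navigation outcome {@code "admin"} when the request is authenticated, otherwise
 *     {@code "login"}
 * @throws LoginException propagated from {@code authenticateWithSpnego}
 * @throws ValidationException propagated from {@code authenticateWithSpnego}
 */
public String authenticationCredentialsWindows() throws LoginException, ValidationException
{
    try {
        HttpServletRequest req = (HttpServletRequest) FacesContext.getCurrentInstance()
                .getExternalContext().getRequest();
        // The identity is taken from the request, never from the form fields; an application
        // must not accept a user name chosen by the client for this path.
        user = req.getRemoteUser();
        ActiveDirectoryAuthentication activeDirectoryAuthentication = new ActiveDirectoryAuthentication();
        boolean auth = activeDirectoryAuthentication.authenticateWithSpnego(req);
        if (auth) {
            // NOTE(review): every authenticated principal receives the "admin" outcome and no
            // role or group check is visible here; confirm authorization is enforced elsewhere
            // (for example request.isUserInRole(...) or a container security constraint).
            // NOTE(review): consider rotating the session id on login
            // (HttpServletRequest.changeSessionId(), Servlet 3.1+) to guard against session fixation.
            HttpSession session = SessionUtils.getSession();
            session.setAttribute("username", user);
            return "admin";
        }
    } catch (ServletException | IOException e) {
        // Show a generic failure to the user; exception text can expose internal configuration
        // detail, so it is kept on the server side only.
        FacesContext.getCurrentInstance().addMessage(null,
                new FacesMessage(FacesMessage.SEVERITY_WARN, "Authentication failed", "Authentication failed"));
        System.err.println(e.getMessage());
        return "login";
    }
    // Not authenticated: stay on the login view. (The original listing had a stray closing brace
    // before this return, which left it outside the method body.)
    return "login";
}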
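/**
 * Reports whether the request already carries an authenticated principal.
 *
 * <p>Despite its name, this method performs no negotiation or credential check of its own: it
 * only inspects {@code request.getUserPrincipal()}, which must have been populated upstream
 * (presumably by the SPNEGO filter, which is not visible here). The principal therefore
 * reflects the credentials presented for this request, not a user name supplied by the
 * application. It answers "is someone authenticated", not "is this user allowed"; callers
 * still need an authorization check.
 *
 * @param request the current servlet request; must not be {@code null}
 * @return {@code true} if the request has a non-null user principal, {@code false} otherwise
 * @throws ServletException declared for callers; nothing in this body throws it
 * @throws IOException declared for callers; nothing in this body throws it
 * @throws LoginException declared for callers; nothing in this body throws it
 * @throws ValidationException declared for callers; nothing in this body throws it
 */
public boolean authenticateWithSpnego(HttpServletRequest request) throws ServletException, IOException, LoginException, ValidationException {
    // The unused local holding the principal's name was dropped; only presence matters here.
    return request.getUserPrincipal() != null;
}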