我使用基于Liferay的网站并尝试实现登录挂钩,以防止用户在特定条件下登录。我想让它变得尽可能简单:
@Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
{
if (condition)
{
//redirect to login page, send a message back but just don't let the user login
//but don't block or ban him either.
}
}
它必须看起来像一个错误的密码错误,但它必须在门户端,在用户甚至登录之前(因此PreLoginAction类)
编辑:好的,我使用了注销和重定向方法返回登录页面。但我仍然想生成错误消息。我试过这样的
@Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
{
if (condition)
{
SessionErrors.add(request, "error");
response.sendRedirect("/c/portal/logout");
}
}
并且对于login.jsp我添加了顶行,但我猜它不像登录操作那样工作。没有显示错误消息
<liferay-ui:error key="error" message="this-account-has-been-locked" />
<liferay-ui:error exception="<%= AuthException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= CompanyMaxUsersException.class %>" message="unable-to-login-because-the-maximum-number-of-users-has-been-reached" />
<liferay-ui:error exception="<%= CookieNotSupportedException.class %>" message="authentication-failed-please-enable-browser-cookies" />
<liferay-ui:error exception="<%= NoSuchUserException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= PasswordExpiredException.class %>" message="your-password-has-expired" />
<liferay-ui:error exception="<%= UserEmailAddressException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserLockoutException.class %>" message="this-account-has-been-locked" />
<liferay-ui:error exception="<%= UserPasswordException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserScreenNameException.class %>" message="authentication-failed" />
还有另外一种方法吗?我也试过这条线
request.getSession().setAttribute("loginError", "failure message");
并试图在jsp中读取${loginError},但它也无法正常工作。
您只需将用户重定向到response.redirect("/c/portal/logout")即可实际注销用户并将其重定向到主页。
如果要以编程方式自行注销用户,然后重定向,则可以使用以下代码:
@Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
if (condition) {
// Whatever here ...
// Logout the user.
request.getSession().invalidate();
// Redirect
response.redirect(<YOUR_PAGE>)
}
}
您可以使用身份验证管道来创建检查条件的身份验证器
public class CustomAuth implements Authenticator {
@Override
public int authenticateByEmailAddress(long companyId, String emailAddress, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
return 0;
}
@Override
public int authenticateByScreenName(long companyId, String screenName, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
return 0;
}
@Override
public int authenticateByUserId(long companyId, long userId, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
return 0;
}
}
将您的身份验证器添加到portal.properties中的管道
auth.pipeline.pre=package.CustomAuth
要么
auth.pipeline.post=package.CustomAuth
或者您可以使用身份验证验证程序
public class CustomVerifier implements AuthVerifier{
@Override
public String getAuthType() {
return null;
}
@Override
public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
return null;
}
}
并将其配置为portal.properties中的管道
auth.verifier.pipeline=
在您的情况下,最好的选择可能是AuthVerifier