Jetty UserRealm redirect on 3rd failed login
If I have a custom Jetty UserRealm implementation and it's configured for basic authentication (with SSL), is there any way to get it to go to a specific page after the 3rd failed login?
Well, really I just want to display some contact information to the user if they cannot log in after 3 attempts.
Alternatively, is it possible to display the exception which I throw from the
    public Principal authenticate(final String username, final Object credentials, final Request request)
method when it's configured as basic authentication?
Thanks Neil
The BasicAuthenticator is responsible for sending the 403 response when there are no valid credentials in the request.
Looking at the Jetty 6 source, your best bet is probably to subclass the BasicAuthenticator and override public void sendChallenge(UserRealm realm, Response response):
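    import java.io.IOException;
    import org.mortbay.jetty.Response;
    import org.mortbay.jetty.security.BasicAuthenticator;
    import org.mortbay.jetty.security.UserRealm;

    public abstract class MyAuthenticator extends BasicAuthenticator {
        @Override
        public void sendChallenge(UserRealm realm, Response response) throws IOException {
            int numberOfAttempts = getNumberOfAuthenticationAttempts();
            if (numberOfAttempts > 3) {
                // Too many failures: show contact details instead of challenging again.
                sendContactDetails(realm, response);
            } else {
                super.sendChallenge(realm, response);
            }
        }

        // How attempts are tracked is left to the subclass.
        protected abstract int getNumberOfAuthenticationAttempts();

        // Writes the contact information to the response.
        protected abstract void sendContactDetails(UserRealm realm, Response response) throws IOException;
    }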
Obviously the problem doing this is that you don't have access to the HttpServletRequest, which may make tracking request attempts more difficult. You could probably gain access to this via HttpConnection.getCurrentConnection(). Otherwise the code for BasicAuthenticator doesn't lend itself to extension without a blob of copy/paste, but that may be OK in your case.
I'm ignoring the issue of how you track the number of requests that have been made in the same authentication attempt; that's going to be dependent upon how your clients are connecting.
Alternatively you can set the ErrorHandler on the context, which is used when HttpResponse.sendError is called, which will be the case when you throw an exception in your realm.
I'd probably opt to use the first method as it more clearly separates responsibilities.
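One way to back getNumberOfAuthenticationAttempts() from the answer above, as an added example that is not part of the original answer or of Jetty: a thread-safe counter of failed logins per key inside a time window, cleared on success. The class name FailedLoginTracker, the key format (username plus remote address), the 15-minute window and the use of Java 8 or later are assumptions; the realm's authenticate method would be the place to call recordFailure or recordSuccess.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

// Added example (hypothetical class): failed logins per key inside a time window.
public class FailedLoginTracker {
    private static final class Entry {
        final int count;
        final long firstFailureMillis;
        Entry(int count, long firstFailureMillis) {
            this.count = count;
            this.firstFailureMillis = firstFailureMillis;
        }
    }

    private final ConcurrentMap<String, Entry> failures = new ConcurrentHashMap<>();
    private final long windowMillis;

    public FailedLoginTracker(long windowMillis) { this.windowMillis = windowMillis; }

    // Atomically records a failure; returns the count inside the current window.
    public int recordFailure(String key, long nowMillis) {
        return failures.merge(key, new Entry(1, nowMillis), (old, fresh) ->
                nowMillis - old.firstFailureMillis > windowMillis
                        ? fresh // window expired: start counting again
                        : new Entry(old.count + 1, old.firstFailureMillis)).count;
    }

    public int failuresFor(String key, long nowMillis) {
        Entry e = failures.get(key);
        return (e == null || nowMillis - e.firstFailureMillis > windowMillis) ? 0 : e.count;
    }

    // A successful login clears the counter for that key.
    public void recordSuccess(String key) { failures.remove(key); }

    // Call periodically so keys built from attacker-chosen usernames cannot grow the map forever.
    public void purgeExpired(long nowMillis) {
        failures.values().removeIf(e -> nowMillis - e.firstFailureMillis > windowMillis);
    }

    public static void main(String[] args) {
        FailedLoginTracker tracker = new FailedLoginTracker(15 * 60 * 1000L);
        String key = "neil|192.0.2.10"; // constructed sample key: username|remote address
        long now = 0;
        for (int attempt = 1; attempt <= 4; attempt++) {
            int n = tracker.recordFailure(key, now += 1000);
            System.out.println("failure " + attempt + ": " + (n > 3 ? "contact details" : "challenge"));
        }
    }
}
```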