我解决了它的工作。但是这有问题。
我写了一个吊带过滤器并将其映射到我想限制访问的文件夹,所以如果有人呼吁该文件夹或子文件夹/文件的请求通过我的过滤器。
在我的过滤器中,我检查用户是否已登录。 但是,现在出现的问题是,任何想访问此文件夹的人都必须登录到我的应用程序中,使用该应用程序设置会话。而Admin(CQ主作者无法访问文件夹本身。)
管理员已停止我束(具有上面提到的过滤器),然后访问DAM文件夹作为束中过滤器防止了CQ管理员访问DAM。任何快速解决方案
代码:
package com.xxx.hiresite.filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingFilter;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@SlingFilter(order = -1000)
@Properties({
@Property(name="service.pid", value="com.xxx.hiresite.filters.DAMAccessFilter",propertyPrivate=false),
@Property(name="service.description",value="DAM Documents Authentication Filter", propertyPrivate=false),
@Property(name="service.vendor",value="Zensar Tech", propertyPrivate=false),
@Property(name="pattern",value="/content/dam/xxxdocuments/.*", propertyPrivate=false)
})
public class DAMAccessFilter implements Filter{
private final Logger log = LoggerFactory.getLogger(this.getClass());
@Reference
protected ResourceResolverFactory resolverFactory;
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// Authentication Filter for the whole application
log.info("DAMAccessFilter Invoked***************************");
HttpServletRequest httpServletRequest = (HttpServletRequest)request;
String path =httpServletRequest.getRequestURI();
log.info("Request URI ::"+path);
HttpSession session = httpServletRequest.getSession(false);
if(session ==null || session.getAttribute("userId")==null)
{
log.info("DAMAccessFilter :: Not Logged in");
HttpServletResponse httpResponse = (HttpServletResponse)response;
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
}
else
{
log.info("DAMAccessFilter :: Logged in");
chain.doFilter(request, response);
log.info("DAMAccessFilter Done");
}
}
public void init(FilterConfig config) throws ServletException {
}
}
最终用户不是组的最终用户吗? –
不是。他们是普通用户, Facebook或任何社交网站任何输入? – Oliver
你有什么样的用户差异?servlet过滤器可能是提供插件授权机制的一个很好的选择,特别是如果它只是一个边缘案例 –