我有一个liferey - hook到ovrride
的AuthenticateByEmailAddress(...)
方法。
我想获得正在登录的用户的IP地址,并根据它限制访问。
如何在此方法中获取用户IP ?
我使用ServiceBuilder制作portlet。
以下是我在Liferay 6.0.6中使用的方法。
在我的钩子中,我还更改了默认的login.jsp。这实际上是默认的login.jsp,另外还有两件事。首先,从request中获取IP:
<%String ip = PortalUtil.getHttpServletRequest(renderRequest).getRemoteAddr();%>
和添加额外参数:
<portlet:actionURL secure="<%= PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS || request.isSecure() %>" var="loginURL">
<portlet:param name="saveLastPath" value="0" />
<portlet:param name="struts_action" value="/login/login" />
<portlet:param name="requestIp" value="<%= ip %>" />
</portlet:actionURL>
现在,在您重写的AuthenticateByEmailAddress()中,您可以从parameterMap:
获取它String ip = parameterMap.get("requestIp")[0];
只是一个想法,但是如果你想基于IP限制,而不是在你的应用程序中这样做,你可以在你部署应用程序的web服务器中这样做。
例如,在Tomcat中,你可以在web.xml中设置安全约束。
限制ip访问,这也可以在JBoss中完成,这真的取决于你使用的web服务器,但这似乎是最简单的解决方案,而不是在应用程序中做过滤器。
编辑:在下面的评论之后,只需在您重写的方法中执行PortalUtil.getHttpServletRequest(request).getRemoteAddr();
,并将您的业务逻辑放在那里,以查看用户是否更改了ip(将此ip与持久化的ip进行比较)。Liferay已经有一些这样的功能了
我认为这些类是由Service Builder创建的。然后可以简单地使用:
String user = request.getRemoteUser();//take current logged in user ID
int userId = Integer.valueOf(user);//convert it into integer
User newUser = UserLocalServiceUtil.getUser(userId);//get the Liferay user using the user ID you get in the line above
userIp=newUser.getLoginIP();//after you have the current user take his LoginIP with the get method that Liferay has already
在Liferay数据库中,你有一个名为user_
的表,在那里Liferay保存了有关其用户的各种信息。使用UserLocalServiceUtil
,你可以把这个信息,并使用它作为你想要的。
在Liferay Portal中,我通过以下方式获得了正确的客户端Ip地址。
FacesContext facesContext = FacesContext.getCurrentInstance();
PortletRequest portletRequest = (PortletRequest) facesContext.getExternalContext().getRequest();
HttpServletRequest request = PortalUtil.getHttpServletRequest(portletRequest);
HttpServletRequest originalServletRequest = PortalUtil.getOriginalServletRequest(request);
String ipAddress=originalServletRequest.getHeader("x-forwarded-for");
由于只有一个答案有效,我对这个解决方案不是很满意,所以我做了更多的挖掘。
这是我想到的:
创建一个新的过滤器并将其注册到您的生活中。在这里,您将请求存储在线程本地,并在请求结束时将其删除。
之后你可以直接从过滤器中获取请求。
RequestFilter.java
@WebFilter(urlPatterns = "/*")
public class RequestFilter implements Filter {
private static final ThreadLocal<HttpServletRequest> REQUEST = new ThreadLocal<>();
public static HttpServletRequest getRequest() {
HttpServletRequest req = REQUEST.get();
if (req == null) {
throw new IllegalStateException("Attempt to fetch thread-local request outside of filter chain");
}
return req;
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
REQUEST.set((HttpServletRequest)req);
try {
chain.doFilter(req, res);
} finally {
REQUEST.remove();
}
}
@Override
public void destroy() {
}
}
MyAuthFailure.java
public class MyAuthFailure implements AuthFailure {
private static final Log LOG = LogFactoryUtil.getLog(MyAuthFailure.class);
@Override
public void onFailureByEmailAddress(long companyId, String emailAddress,
Map<String, String[]> headers, Map<String, String[]> params) throws AuthException {
logFailure(companyId, emailAddress);
}
@Override
public void onFailureByScreenName(long companyId, String screenName,
Map<String, String[]> headers, Map<String, String[]> params) throws AuthException {
logFailure(companyId, screenName);
}
@Override
public void onFailureByUserId(long companyId, long userId,
Map<String, String[]> headers, Map<String, String[]> params) throws AuthException {
logFailure(companyId, userId);
}
protected void logFailure(String user) {
String ip = RequestFilter.getRequest().getRemoteAddr();
LOG.error("User " + user + " tried to login from IP " + ip);
}
}
liferay-hook.xml
<?xml version="1.0"?>
<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.2.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_2_0.dtd">
<hook>
<portal-properties>portal.properties</portal-properties>
<custom-jsp-dir>/WEB-INF/jsp</custom-jsp-dir>
<servlet-filter>
<servlet-filter-name>requestFilter</servlet-filter-name>
<servlet-filter-impl>com.stackoverflow.RequestFilter</servlet-filter-impl>
</servlet-filter>
</hook>
portal.properties
auth.failure=com.stackoverflow.MyAuthFailure