I have mongodb base with users and passwords. I have a jsp file with a form for authorization. filter should be check - authorized user or not. Servlet should authorize user if he not authorized.
请举例说明如何做。
抱歉英语不好。
下面是一个场景:-
User object from session.User object exists, allow user to the secured page.User object doesn t exist, redirect user to the login page.当用户从登录页面提交凭据时:-
User object in the session and displays welcome page.Java EE实现通常允许您设置登录模块。其中包含用于对许多不同系统进行身份验证的实际代码。其中包括一个本地XML文件、一个数据库、LDAP、Kerberos和许多其他文件。
你不必自己写这些,它们已经为你提供了。
您的代码只触发身份验证(或者声明要保护的资源,Java EE为您触发身份验证),对实际的身份验证机制一无所知。实际的身份验证通常是在代码之外配置的。一些Java EE实现允许您在EAR中指定它(例如,通过Jboss AS上的-service.xml文件)。
一个潜在的缺点是,这些模块是特定于Java EE实现的(例如JBoss AS、Glassfish等)。如果您在代码之外配置它,则必须有人为您要在其上运行代码的每个不同的JavaEE应用程序服务器重新执行此操作。
除此之外,Java自动为您触发身份验证(声明性安全)的方式相当粗糙。通常情况下,它的触发是以编程方式完成的,因此您可以更好地控制登录框的工作方式以及何时进行。
请参阅以下内容,了解如何做到这一点:http://it-result.me/servlet-3-programmatic-authentication-api/
或者,也确实存在limc的解释方式。通过这种方法,您可以完全忽略Java EE为此提供的API,只需构建自己的代码,这些代码通常会查询数据库并将一些对象存储到HTTP会话中。这里的缺点是,您的安全上下文不会自动传播,您必须手动传递此对象,或者提供需要检查访问HTTP会话的身份验证的代码。
特别是对于业务bean来说,访问HTTP会话是一种糟糕的做法。
最后,Seam 3承诺为安全问题构建一个可移植的CDI扩展,如果它可用,这可能会有很大帮助。
Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...
Check this, List<String> list = new ArrayList<String>(); for (int i = 0; i < 10000; i++) { String value = (""+UUID.randomUUID().getLeastSignificantBits()).substring(3, ...
I am in the middle of solving a problem where I think it s best suited for a decorator and a state pattern. The high level setting is something like a sandwich maker and dispenser, where I have a set ...
I have been trying to execute a MS SQL Server stored procedure via JDBC today and have been unsuccessful thus far. The stored procedure has 1 input and 1 output parameter. With every combination I ...
I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...
If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...
I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....
I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...