Session Tracking using J2EE


Question

I'm trying to implement session tracking on my website. Basically I want the users to be able to log in to my website using their username and their password, pass through my website pages (only available for logged users) and then log out. Currently I'm thinking about what is the right architecture to accomplish this. So, is it right to do it like this: use a servlet which validates whether the user is logged or not or if this one is doing a login using a httpSession object (kinda like this example here: http://www.tutorialspoint.com/servlets/servlets-session-tracking.htm). In case of a login attempt the servlet validates the username and password by calling a stateless session bean (which validates the username and password based on my database).

Also, every time the user wants to "travel" to another page on my website that is only visible to logged users, the request must go to the servlet to validate whether the user is logged or not and then retrieve the new page.

Is this the right way to do it? If not, how can I accomplish this?

Thanks a lot.

Recommended answer

I am confused by the term session tracking, but I understand that you want to allow users to access protected resources.

What you need is to define roles, an authentication provider and a mapping for secured resources. Then you can combine it in web.xml:

<security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>WRCollection</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>TutorialUser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/loginform.html</form-login-page>
        <form-error-page>/loginerror.html</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>TutorialUser</role-name>
</security-role>

See http://docs.oracle.com/cd/E19226-01/820-7627/bncby/index.html for details. This is the JEE standard way.
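The following is an added example, not part of the original answer: a Python check that audits a web.xml for the pieces the descriptor above relies on (an auth-constraint, roles declared in security-role, a CONFIDENTIAL transport guarantee, and a complete FORM login-config). The function names and the SAMPLE document, which wraps the answer's elements in a `<web-app>` root, are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the answer's descriptor wrapped in a <web-app> root.
SAMPLE = """<web-app><security-constraint>
 <web-resource-collection><web-resource-name>WRCollection</web-resource-name>
  <url-pattern>/*</url-pattern></web-resource-collection>
 <auth-constraint><role-name>TutorialUser</role-name></auth-constraint>
 <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint></security-constraint>
<login-config><auth-method>FORM</auth-method><form-login-config>
 <form-login-page>/loginform.html</form-login-page>
 <form-error-page>/loginerror.html</form-error-page>
</form-login-config></login-config>
<security-role><role-name>TutorialUser</role-name></security-role></web-app>"""

def _kids(elem, name):
    # Compare local names so the check works with or without an xmlns.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, *path):
    nodes = [elem]
    for name in path:
        nodes = [c for n in nodes for c in _kids(n, name)]
    return [(n.text or "").strip() for n in nodes]

def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root, out = ET.fromstring(xml_text), []
    declared = set(_texts(root, "security-role", "role-name"))
    constraints = _kids(root, "security-constraint")
    if not constraints:
        out.append("no security-constraint: nothing is protected")
    for sc in constraints:
        name = "".join(_texts(sc, "web-resource-collection", "web-resource-name")[:1])
        if not _kids(sc, "auth-constraint"):
            out.append(f"{name}: no auth-constraint, so no login is required")
        for role in _texts(sc, "auth-constraint", "role-name"):
            if role != "*" and role not in declared:
                out.append(f"{name}: role {role} has no security-role entry")
        if "CONFIDENTIAL" not in _texts(sc, "user-data-constraint", "transport-guarantee"):
            out.append(f"{name}: transport-guarantee is not CONFIDENTIAL")
    logins = _kids(root, "login-config")
    if constraints and not logins:
        out.append("no login-config: no authentication method configured")
    for lc in logins:
        if _texts(lc, "auth-method") == ["FORM"]:
            for page in ("form-login-page", "form-error-page"):
                if not any(_texts(lc, "form-login-config", page)):
                    out.append(f"FORM login without {page}")
    return out
```

Calling `audit_web_xml(SAMPLE)` returns an empty list for the answer's descriptor; pass the text of a real web.xml to check it the same way.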
