How to secure my java web application?


Problem description

I have a web application in which, when users log in, they reach the mainjsp.jsp page.

In this page there are a few text boxes for dates, and based on the dates and a selection from another drop-down, data is submitted. This data is retrieved by a servlet and brought back to the mainjsp page.

My concern is about security. Now when I copy the mainjsp.jsp page's URL and paste it in any browser, this page appears as it is. I don't want this to happen. I want the users to log in first, and hence I want my web application secure.

I don't have any idea how to do this. Could you please tell me how I can achieve this?

Also, please tell me how I can achieve this for any of the pages in the web application. Users should not be able to access any page if they haven't logged in.

Recommended answer

You should have form-based authentication. Here is the snippet which should be added to your web.xml:

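<security-constraint>
    <web-resource-collection>
        <web-resource-name>pagesWitUnrestrictedAccess</web-resource-name>
        <description>No Description</description>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <!-- Without an auth-constraint the container does not ask for a login.
         "user" is a placeholder role name (an assumption); use a role that
         your container's realm actually assigns to users. -->
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>No Description</description>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- FORM login: unauthenticated requests for a protected page are sent to /login.jsp -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
</login-config>

<!-- Declares the placeholder role used in the auth-constraint above -->
<security-role>
    <role-name>user</role-name>
</security-role>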

Some references:
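
Added example, not part of the original answer: a small Python check that reads a web.xml and reports every url-pattern whose security-constraint has no auth-constraint (the container then serves it without a login) or does not enforce HTTPS. The descriptor text, the resource names and the role name `user` are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the page): the first constraint has no
# <auth-constraint>; the second requires the placeholder role "user" over HTTPS.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>pages</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix so descriptors with or without xmlns work."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Return (url_pattern, finding) pairs for every security-constraint."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        kids = {local(e.tag): e for e in sc.iter()}
        guarantee = kids.get("transport-guarantee")
        https = guarantee is not None and (guarantee.text or "").strip() == "CONFIDENTIAL"
        for e in sc.iter():
            if local(e.tag) != "url-pattern":
                continue
            pattern = (e.text or "").strip()
            if "auth-constraint" not in kids:
                findings.append((pattern, "no auth-constraint: served without login"))
            if not https:
                findings.append((pattern, "transport-guarantee not CONFIDENTIAL: HTTPS not enforced"))
    return findings

if __name__ == "__main__":
    for pattern, finding in audit(SAMPLE_WEB_XML):
        print(pattern, "->", finding)
```

URLs that no security-constraint matches at all are also public; this check only looks at the constraints that exist.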
