Automatic login to JSF application on revisits, after once logged in

Problem description

For most typical internet-facing websites, when you log in and leave the website by just closing the tab (without logging out), then on successive revisits you may not be required to re-specify your credentials or log in; you are directly logged in.

How does all that happen on the backend? How can I enable such mechanism on my JSF 2.1 application?

Using JSF 2.1 on Tomcat7 server

Recommended answer

This is basically done by a long-living cookie. This functionality is not provided by the JSF API as it's just a simple component based MVC framework. This functionality is also not provided by the standard Java EE API. Some authentication frameworks like Spring Security and Apache Shiro offer this functionality.

If you need to implement this using "plain" Java EE / JSF, then you'd need to create a long-living cookie yourself during login by ExternalContext#addResponseCookie(). The cookie value must be a long, unique, autogenerated and hard-to-guess value (e.g. java.util.UUID) which you also store in the DB associated with the user ID. Then, you can use a simple servlet filter to check for the cookie by HttpServletRequest#getCookies() when the logged-in user has been confirmed to be absent. If the cookie is found and is valid, then auto-login the user.

To improve security, if necessary provide the end user with the option to "lock" this cookie to the user's IP, which you also store in the DB along with the cookie ID and user ID.
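
An added example (not from the original answer) of the token handling the answer describes, in plain Java with no servlet dependency: `issue` is what the login action would call before `ExternalContext#addResponseCookie()`, and `redeem` is what the servlet filter would call with the value found via `HttpServletRequest#getCookies()`. The class and method names, the in-memory map standing in for the DB table, and the sample values are assumptions; storing only a SHA-256 hash of the token and making each token single-use are hardening choices added here, beyond what the answer states.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical remember-me token store (Java 16+); the map stands in for the DB table. */
public class RememberMeTokens {
    record Entry(String userId, String lockedIp, Instant expires) {}
    private final Map<String, Entry> table = new ConcurrentHashMap<>(); // key: SHA-256 of token
    private final SecureRandom random = new SecureRandom();

    /** At login: the returned value goes into the long-living cookie. */
    public String issue(String userId, String lockedIpOrNull, long ttlSeconds) {
        byte[] raw = new byte[32]; // 256 random bits: long, unique, hard to guess
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        table.put(hash(token), new Entry(userId, lockedIpOrNull, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }

    /** In the servlet filter, when the session has no logged-in user. */
    public Optional<String> redeem(String cookieValue, String remoteIp) {
        if (cookieValue == null) return Optional.empty();
        String key = hash(cookieValue);
        Entry e = table.get(key);
        if (e == null) return Optional.empty();
        boolean ok = Instant.now().isBefore(e.expires())
                && (e.lockedIp() == null || e.lockedIp().equals(remoteIp));
        // remove(key, e) is atomic, so a replayed cookie succeeds at most once;
        // the caller then issues a fresh token for the next visit.
        return ok && table.remove(key, e) ? Optional.of(e.userId()) : Optional.empty();
    }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) {
        RememberMeTokens store = new RememberMeTokens();
        String cookie = store.issue("user-42", "203.0.113.7", 30L * 24 * 3600); // constructed values
        System.out.println(store.redeem(cookie, "198.51.100.9")); // locked to another IP
        System.out.println(store.redeem(cookie, "203.0.113.7"));  // first valid use
        System.out.println(store.redeem(cookie, "203.0.113.7"));  // replay of a used token
    }
}
```

When the filter gets a user ID back, it should establish the session and immediately set a newly issued token in the cookie; on explicit logout, delete the stored row as well as the cookie.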
