网站上的表单认证 [英] Form Authentication on Website
问题描述
下面是我们的Tomcat Web服务器是如何设定目前。我们正在使用的JSP的网页。
Here is how our Tomcat webserver is currently setup. We are using jsp for the webpages.
- / webserverpath /主(所有的公共页面和登录页面)
- / webserverpath / SECURE1(私有页面)
- / webserverpath / secure2(私有页面)
- / webserverpath / secure3(私有页面)
我最近发现,认证是很小的。比如一旦用户登录,他们可以书签任何私人页面,关闭浏览器,打开浏览器备份和去书签,并且永远不会要求您重新登录(这原来是坏的,因为我们最近开始禁止用户)。所有这一切都是建立在我到来。我不知道我能做些什么来添加适当的安全?我应该在一个主文件夹所有文件夹(例如/ webserverpath /主/ SECURE1等),或者只是息事宁人?
I recently discovered that the authentication is very minimal. For instance once a user is logged in they can bookmark any private page, close the browser, open the browser back up and go to the bookmark and is never asked to sign in again (which turns out to be bad since we recently started disabling users). All of this was setup before I arrived. I'm wondering what can I do to add the proper security? Should I have all the folders under one main folder (ie /webserverpath/main/secure1, etc.) or just leave it alone?
让我补充一点,我是新望对整个网站验证的东西,有像这样和JSP本身。
Let me add that I'm newish to the whole website authentication stuff, having multiple websites in different folders like this and JSP itself.
感谢您
推荐答案
您可能会从这里开始:的声明Web应用程序安全性与Servlet和JSP
通常情况下,你可能想要的人踢出来的网站的隐私部位,如果他们没有身份验证的一些基于会话的验证。
You might start here: Declarative Web Application Security with Servlets and JSP
Generally, you probably want some session-based authentication that kicks people out of the private parts of the site if they aren't authenticated.
这篇关于网站上的表单认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
