GWT Authentication and user info access


Problem description



Just wondering if my following authentication method is correct or not. Is there any pitfall or anything missing? Suggestions and discussions are very welcome.

1> User provides user name and password, which are sent to the server by RPC and compared with the hashed value stored in the DB.

2> Assuming the user name and password are accurate, an Auth Token is saved in session. The auth token will be checked when accessing the servlets.

3> The user id (integer) is returned to the client by RPC onSuccess. The user id is saved in a static variable on the client side.

4> Whenever the user specific information is needed, the rpc call with the user id (the static variable) will be sent to the server for database query.

Thanks

Solution

You don't need to send a user id to the client. The server already has all the information it needs to recognize the user.

This code snippet creates a session cookie; with session.getId() you get the content of it, which you should save to recognize the user:

HttpServletRequest request = this.getThreadLocalRequest();
HttpSession session = request.getSession(true);

Then, when the user calls your server, you just read back the session id.

HttpServletRequest request = this.getThreadLocalRequest();
HttpSession session = request.getSession(false);

With session.invalidate() you can destroy the session. It's also possible to store objects in the session.

this.getThreadLocalRequest() only works in *Impl.
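
The approach in the answer, as an added example that is not code from the original post: the servlet stores the user id in the HttpSession at login and reads it back from there on every call, so no RPC method accepts a user id from the client. AccountService, the attribute name and the two abstract lookup methods are hypothetical (a concrete subclass supplies them); GWT 2.x on the javax.servlet API is assumed.

```java
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical RPC interface (added example): no method takes a user id from the client.
interface AccountService extends RemoteService {
    boolean login(String username, String password);
    String getDisplayName();
    void logout();
}

public abstract class AccountServiceImpl extends RemoteServiceServlet
        implements AccountService {
    private static final String USER_ID = "auth.userId"; // hypothetical attribute name

    // Hypothetical database hooks: the hash comparison and the per-user query.
    protected abstract Integer verifyPassword(String username, String password); // null = reject
    protected abstract String displayNameFor(int userId);

    @Override
    public boolean login(String username, String password) {
        Integer userId = verifyPassword(username, password);
        if (userId == null) return false;
        HttpServletRequest request = getThreadLocalRequest();
        HttpSession old = request.getSession(false);
        if (old != null) old.invalidate();   // do not carry a pre-login session id over
        request.getSession(true).setAttribute(USER_ID, userId);
        return true;
    }

    @Override
    public String getDisplayName() {
        return displayNameFor(currentUserId());
    }

    @Override
    public void logout() {
        HttpSession session = getThreadLocalRequest().getSession(false);
        if (session != null) session.invalidate();
    }

    // Identity comes from server-side session state only, never from an RPC argument.
    private int currentUserId() {
        HttpSession session = getThreadLocalRequest().getSession(false);
        Object id = (session == null) ? null : session.getAttribute(USER_ID);
        if (!(id instanceof Integer)) throw new SecurityException("not logged in");
        return (Integer) id;
    }
}
```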
