关于JSF 2的Https，用于受保护的资源和登录 [英] Https on JSF 2, for protected resources and login

问题描述

我有一个带有2个属性的托管bean： userName & 密码（及其各自的getter和setter方法），以及访问数据库以验证登录的 login（）方法凭证。

I have a managed bean with 2 attribute: userName & password (with its respective getters and setters methods), and a login() method that access the database to verify login credentials.

我的问题是，当用户点击登录按钮时，操作必须通过https协议。如何使用JSF 2实现这一目标？

My question is, when the user clicks the "login" button, the action must go through https protocol. How can I achieve this with JSF 2?

另外，如果我想要保护一些Faces（在https协议下），我该如何实现？是否有过滤器可以让我这样做？

Also, if I want to have some Faces to be protected (under https protocol), how do I achieve this? Is there a filter that enables me to do this?

提前致谢。

推荐答案

您可以在应用程序的web.xml中定义安全约束：

You can define a security constraint in the web.xml of your application:

<security-constraint>
   <web-resource-collection>
      <web-resource-name>SecureConnection</web-resource-name>
        <url-pattern>*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint/>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>

调整url-pattern以包含登录页面和所有其他安全页面。 https的使用由user-data-constraint定义。

Adapt the url-pattern to contain your login page and all other secured pages. The use of https is defined by the user-data-constraint.

来自 Java EE教程：

如果指定CONFIDENTIAL或
INTEGRAL作为安全约束，
通常意味着SSL的使用是
，并且适用于与web
资源集合中的URL模式匹配的所有请求
，而不仅仅是
登录对话框。

If you specify CONFIDENTIAL or INTEGRAL as a security constraint, it generally means that the use of SSL is required and applies to all requests that match the URL patterns in the web resource collection, not just to the login dialog box.

如果您编写了自己的login（）方法并且正在使用Glassfish，您可以使用 JDBCRealm 作为替代登录方法来查看基于容器的身份验证。

If you wrote your own login() method and are using Glassfish, you could take a look at container-based authentication with a JDBCRealm as alternative login approach.

这篇关于关于JSF 2的Https，用于受保护的资源和登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！