Automatic login to JSF application on revisits, after once logged in


Problem description

For most typical internet-facing websites, when you log in & leave the website by just closing the tab (without logging out), then on successive revisits you may not be required to re-specify your credentials or log in; you are directly logged in.

How does all that happen on the backend? How can I enable such a mechanism on my JSF 2.1 application?

Using JSF 2.1 on Tomcat7 server

Recommended answer

This is basically done by a long-living cookie. This functionality is not provided by the JSF API as it's just a simple component based MVC framework. This functionality is also not provided by the standard Java EE API. Some authentication frameworks like Spring Security and Apache Shiro offer this functionality.

If you need to implement this using "plain" Java EE / JSF, then you'd need to create a long-living cookie yourself during login by ExternalContext#addResponseCookie(). The cookie value must be a long, unique, autogenerated and hard-to-guess value (e.g. java.util.UUID) which you also store in the DB associated with the user ID. Then, you can use a simple servlet filter to check for the cookie by HttpServletRequest#getCookies() when the logged-in user has been confirmed to be absent. If the cookie is found and is valid, then auto-login the user.

To improve security, provide if necessary the enduser the option to "lock" this cookie on the user IP which you also store in the DB along with the cookie ID and user ID.

  • How to implement "Stay Logged In" when user login in to the web application
  • How do I keep a user logged into my site for months?
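
The server-side token handling described in the answer above, as an added example that is not part of the original answer. It assumes Java 8 or later and uses an in-memory map in place of the DB table; the class and method names are hypothetical, and three choices are this example's own rather than the answer's: SecureRandom instead of java.util.UUID, storing only a SHA-256 hash of the cookie value, and accepting each value once.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
// Added example (hypothetical names): store for long-living "remember me" cookie values.
public class RememberMeTokens {
    private static final class Entry {
        final String userId; final long expiresAtMillis;
        Entry(String userId, long expiresAtMillis) { this.userId = userId; this.expiresAtMillis = expiresAtMillis; }
    }
    // Stand-in for the DB table; the key is SHA-256(token), so a leaked table holds no usable cookie values.
    private final Map<String, Entry> byTokenHash = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;
    public RememberMeTokens(long ttlMillis) { this.ttlMillis = ttlMillis; }

    // Call at login; pass the result to ExternalContext#addResponseCookie() with HttpOnly and Secure set.
    public String issue(String userId) {
        byte[] raw = new byte[32];                         // 256 random bits: long, unique, hard to guess
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(hash(token), new Entry(userId, System.currentTimeMillis() + ttlMillis));
        return token;
    }

    // Call from the servlet filter when the session has no logged-in user.
    // A value is accepted once: on success, log the user in and issue() a fresh cookie value.
    public Optional<String> redeem(String token) {
        if (token == null || token.isEmpty()) return Optional.empty();
        Entry e = byTokenHash.remove(hash(token));
        if (e == null || System.currentTimeMillis() > e.expiresAtMillis) return Optional.empty();
        return Optional.of(e.userId);
    }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) {
        RememberMeTokens store = new RememberMeTokens(30L * 24 * 3600 * 1000); // 30 days
        String cookieValue = store.issue("user-42");       // constructed sample user ID
        System.out.println(store.redeem(cookieValue));     // first presentation of the cookie
        System.out.println(store.redeem(cookieValue));     // replay of the same value
    }
}
```

Because the lookup is by hash and the entry is removed on use, a cookie value copied from an old response stops working as soon as the legitimate browser has redeemed it.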
