确保用户在Java Web App中进行身份验证 [英] Ensuring Users are Authenticated in Java Web App
问题描述
我的网络应用程序有一个安全区域,用户可以通过JSP登录。 JSP将用户名和密码发布到servlet,然后servlet检查用户凭据是否有效。如果它们有效,则将用户定向到安全资源。如何确保用户无法在不先验证的情况下导航到安全资源?
My web app has a secure area which users log in to via a JSP. The JSP posts the user name and password to a servlet, which then checks to see if the users credentials are valid. If they are valid then the user is directed to the secure resource. How can I ensure that users can't just navigate to the secure resource without validating first?
推荐答案
一种常见的方法是设置用户会话中的令牌,即
A common approach is to set a token in the user's session i.e.,
session.setAttribute(loggedIn,true);
甚至
session.setAttribute(loggedInUser,someUserName);
并在任何应保护的页面上检查。一个好的策略是使用附加到任何要保护的页面的servlet过滤器来执行检查。如果他们没有通过检查,过滤器可以重定向到登录页面。另请参见此处: http://java.sun.com/products/servlet/Filters。 HTML
and check that on any page that should be secured. A good strategy is to perform the check using a servlet filter that you attach to any page to be secured. If they don't pass the check, the filter can redirect to the login page. Also see here: http://java.sun.com/products/servlet/Filters.html
这是一篇关于使用过滤器进行身份验证的好文章: http://www.developer.com/java/ent/article.php/3467801
This is a good article on using filters for authentication also: http://www.developer.com/java/ent/article.php/3467801
这篇关于确保用户在Java Web App中进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!