确保用户在Java Web App中进行身份验证 [英] Ensuring Users are Authenticated in Java Web App

问题描述

我的网络应用程序有一个安全区域，用户可以通过JSP登录。 JSP将用户名和密码发布到servlet，然后servlet检查用户凭据是否有效。如果它们有效，则将用户定向到安全资源。如何确保用户无法在不先验证的情况下导航到安全资源？

My web app has a secure area which users log in to via a JSP. The JSP posts the user name and password to a servlet, which then checks to see if the users credentials are valid. If they are valid then the user is directed to the secure resource. How can I ensure that users can't just navigate to the secure resource without validating first?

推荐答案

一种常见的方法是设置用户会话中的令牌，即

A common approach is to set a token in the user's session i.e.,

session.setAttribute（loggedIn，true）;

甚至

session.setAttribute（loggedInUser，someUserName）;

并在任何应保护的页面上检查。一个好的策略是使用附加到任何要保护的页面的servlet过滤器来执行检查。如果他们没有通过检查，过滤器可以重定向到登录页面。另请参见此处： http://java.sun.com/products/servlet/Filters。 HTML

and check that on any page that should be secured. A good strategy is to perform the check using a servlet filter that you attach to any page to be secured. If they don't pass the check, the filter can redirect to the login page. Also see here: http://java.sun.com/products/servlet/Filters.html

这是一篇关于使用过滤器进行身份验证的好文章： http://www.developer.com/java/ent/article.php/3467801

This is a good article on using filters for authentication also: http://www.developer.com/java/ent/article.php/3467801

这篇关于确保用户在Java Web App中进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！