认证和授权的Web服务器? [英] Authentication and Authorization on web server ?
问题描述
我建立一个Android应用程序与它在Apache Tomcat上的Web服务器进行通信。 Web服务器构建在Java EE中。目前,身份验证和授权我使用的用户名,密码和管理会话我使用令牌。所以,当我在用户登录将检查MySQL数据库和用户进行身份验证。当用户试图做一些动作,基于令牌的送出,我将标识用户和授权做基于给该用户的特权的操作。它看起来有点麻烦。我想知道有没有什么标准的框架,使这项任务容易。
-
有没有tomcat的容器级别认证和授权可能,因此,如果其无权做的动作请求不会到达Web应用程序?
-
再不然就是有它提供的Web应用标准的认证和授权的框架?
阿帕奇四郎是你在找什么为:
阿帕奇四郎是一个功能强大且易于使用的Java安全框架
执行身份验证,授权,加密和会话
管理。随着四郎的易于理解的API,您可以快速,
轻松保护任何应用程序 - 从最小的移动应用
到最大的Web和企业应用程序。我在项目夫妇使用弹簧安全(第3版),缺点是需要部署(这是春天!)罐的大小,它的繁琐。
此外,我已经集成阿帕奇四郎玉兰-CMS,据我可以说阿帕奇四郎有春季安全与易用性的力量。
I am building an android application which communicates with the web server on apache tomcat. Web server build in JAVA EE. Currently for authentication and authorization I am using username , password and for managing the session I am using tokens. So when the user logs in I will check mysql database and authenticate the user. When the user tries to do some action , based on the token the sent , I will identify the user and authorize to do that action based on the privileges given to that user. It looks bit cumbersome . I was wondering is there any standard framework which make this task easy.
Is there any tomcat container level authentication and authorization possible , so the request won't reach the web application if its not authorized to do the action ?
Or else Is there any framework which provides standard authentication and authorization in web application ?
解决方案Apache Shiro is what you are looking for:
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
I used Spring security (version 3) in couples of projects, the shortcoming was the size of jars you need to deploy (it is Spring!), it's was cumbersome.
Also I have integrated Apache Shiro with magnolia-cms, as far as I can say Apache Shiro has the strength of Spring Security with the ease of use.
这篇关于认证和授权的Web服务器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
