使用注解在Servlet 3.0中进行表单登录 [英] Form login in a Servlet 3.0 using annotations
问题描述
我有一个旧的servlet ABC,它使用web.xml定义它的表单登录名(这是另一个servlet XYZ,存储在另一个JAR文件中,并集成在WAR的WEB-INF \ lib下的路径中):
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login?event=Retry</form-error-page>
</form-login-config>
</login-config>
现在,我使用新的Servlet 3.0注释迁移了Servlet ABC.我有一个@WebServlet和一个@ServletSecurity批注.但是,如何定义我的登录配置是基于表单的登录(web.xml中的auth-method)以及Web容器应将请求重定向到哪个URL(web.xml中的form-login-page)呢?我发现了一个带有注释的教程,当使用基于表单的登录时,我必须使用部署描述符.
我没有在Servlet 3.0规范中找到关于此的评论.有人知道这是否正确吗?还是有任何注释或其他方法可以阻止我使用部署描述符?
斯蒂芬,
我也一直在尝试为我的应用程序查找所有注释配置.
您是正确的-配置基于表单的身份验证的唯一方法是使用部署描述符(web.xml或web-fragment.xml).
根据 JSR-315 Servlet 3.0规范: :Ch13.6.3(pg132):
"Web应用程序部署描述符包含一个 登录表单和错误页面..."
规范仅指用于表单登录配置的Web部署描述符,而不指任何基于注释的配置.
此外,请查看 JSR-315 Servlet 3.0规范:: Ch8.1(pg61-64)-没有Servlet注释的概念可以实现基于表单的身份验证配置. /p>
实际上,所有Ch8都非常有用,特别是 JSR-315 Servlet 3.0规范:: Ch8.2.3(pg72-84),其中解释了web.xml,web-fragment.xml和注释按顺序组装在一起.
我已经简要查看了 JSR-340 Servlet 3.1 Specification 规范已于2013年5月28日发布.似乎他们没有为基于表单的身份验证配置添加任何新规定,请参见 JSR-340 Servlet 3.1 Specification :: Ch13.6.3( pg139) ...
祝你好运;)
I have an old servlet ABC using a web.xml to define it's form login (which is another servlet XYZ stored in another JAR file and integrated in the WAR under path WEB-INF\lib):
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login?event=Retry</form-error-page>
</form-login-config>
</login-config>
Now I migrated servlet ABC using the new Servlet 3.0 annotations. I have a @WebServlet and a @ServletSecurity annotation. But how do I define that my login configuration is a form based login (auth-method in web.xml) and what URL the webcontainer should redirect the request to (form-login-page in web.xml)? I found a tutorial with note that when using form-based-login I must use a deployment descriptor.
I didn't find a remark regarding this in the servlet 3.0 spec. Does anybody know if this is correct? Or are there any annotations or other ways to prevent me from using a deployment descriptor?
Stephan,
I've been trying to find all-annotation configuration for my application as well.
You are correct - the only way to configure form-based authentication is by using deployment descriptor (web.xml or web-fragment.xml).
According to JSR-315 Servlet 3.0 Specification :: Ch13.6.3 (pg132):
"The web application deployment descriptor contains entries for a login form and error page..."
Specification only refers to the web deployment descriptor for form-login configuration, and not to any annotation-based configuration.
Also, take a look at JSR-315 Servlet 3.0 Specification :: Ch8.1 (pg61-64) - there is no notion of Servlet annotations that would implement form-based authentication configuration.
Actually, all of Ch8 is very useful to read, especially JSR-315 Servlet 3.0 Specification :: Ch8.2.3 (pg72-84) that explains how web.xml, web-fragment.xml and annotations are being assembled together and in which order.
I have briefly looked over JSR-340 Servlet 3.1 Specification spec that has just been released May 28, 2013. It seems they have not added any new provisions for form-based authentication configuration, see JSR-340 Servlet 3.1 Specification :: Ch13.6.3 (pg139)...
Good luck ;)
这篇关于使用注解在Servlet 3.0中进行表单登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
