如何在REST Web服务中对用户进行身份验证? [英] How do I authenticate user in REST web service?
问题描述
如何在REST Web服务中编写用于用户身份验证的方法? 我是Web服务的初学者.
How do I write the method for user authentication in REST web service? I am beginner with web services.
推荐答案
身份验证本身应以无状态方式进行,以免破坏REST范式.这意味着必须对每个请求进行身份验证. 这个 SO问题可能会提供更多详细信息
Authentication itself should be done in a stateless way, so that the REST paradigm is not broken. This means authentication has to occur on every request. this SO question might provide some further details
最简单的方法是通过SSL加密使用HTTP-Basic AUTH( rfc2617 )连接(https).这是一些Java示例:
the esiest method is using HTTP-Basic AUTH (rfc2617) over SSL encrypted connections (https). here are some java examples:
- ericonjava
- my blog entry
另一种方法是使用随机数,这样您不必每次都重新发送用户/密码组合,但是它们更具挑战性:
another method is using nonces so that you dont have to resend the user/pass combo everytime, but they are a bit more challenging:
有很多方法可以对用户进行身份验证,但是这两种最常用的方法不保存服务器端的会话状态.
there are lots and lots of ways to authenticate users but these 2 are the most often used that dont hold session state on the server side.
希望有帮助
这篇关于如何在REST Web服务中对用户进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
