如何在 Web 应用程序中实现 HTTPS 登录页面? [英] How to implement a HTTPS login page in a web application?
问题描述
我想创建一个安全的登录/注销机制.我开始阅读以下文章以了解需要考虑的事项:
I want to create a secure login/logout mechanism. I started reading the following articles to get an idea of things to take into account:
这些文章提出了一些很好的观点,但我想以与 Yahoo 邮件登录页面类似的方式使用 HTTPS.你知道...你输入 http://mail.yahoo.com 然后你被重定向到一个 HTTPS 页面,比如**https://**login.yahoo.com/config/login 在其中插入您的用户名和密码,在验证您的凭据后,您将被重定向回带有生成的 session_id cookie 的 HTTP 页面从那里开始的所有通信都是使用 cookie 在 HTTP 上进行的.
These articles make some good points, but I was thinking in using HTTPS in a similar way as the Yahoo mail login page. You know... you type http://mail.yahoo.com and you are redirected to a HTTPS page like **https://**login.yahoo.com/config/login where you insert your username and password and after your credentials are verified you are redirected back to a HTTP page with a generated session_id cookie and all communications from there on are on HTTP using the cookie.
我需要什么来实现这种行为?
What do I need to implement this behavior?
我想为两个 Java Web 应用程序(一个使用 Spring 框架,一个使用 Struts 1)执行此操作,但不知道如何将该 HTTPS 部分集成到应用程序中(我以前从未使用过 HTTPS).
I want to do this for two Java web apps (one with Spring framework and one with Struts 1) but don’t know exactly how to integrate that HTTPS part into the application (I have never worked with HTTPS before).
推荐答案
首先,您需要为您的服务器启用 SSL.对于 Tomcat,您需要生成一个 openSSL 密钥库并将以下连接器添加到 server.xml:
First of all you need to enable SSL for your server. For Tomcat you need to generate an openSSL keystore and add the following connector to server.xml:
<Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
keystoreFile="mykeystore" sslProtocol="TLS"
keystorePass="keystore password" />
要将 SSL 集成到您的应用程序中,我建议使用 Spring Security.它提供了您想要的东西(通过 HTTPS 登录,然后重定向到 HTTP).要实现它,您只需将 forceHTTPS 设置为 true:
To integrate SSL into your application I recommend Spring Security. It offers exactly what you want (login over HTTPS, then redirected to HTTP). All you have to do to implement it, is to set forceHTTPS to true:
<bean id="authenticationProcessingFilterEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/pages/login.jsp" />
<property name="forceHttps" value="true"/>
</bean>
当然,Spring 和 Spring 安全确实有一个相当陡峭的学习曲线,但完全值得.做一次,然后你可以在不到一个小时的时间内将它应用到新的应用程序中.您可以在 Spring 和 Struts 应用程序中使用 Spring Security.
Of course Spring and Spring security do have a rather steep learning curve, but it is totally worth it. Do it once and then you can apply it to new apps in less than an hour. You can use Spring Security in both the Spring and Struts application.
Spring 安全曾经是 Acegi 安全.这是一篇文章会让你开始.
Spring security used to be Acegi security. This is an article that will get you started.
这篇关于如何在 Web 应用程序中实现 HTTPS 登录页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
