Spring MVC的3.0基本身份验证实施 [英] Spring MVC 3.0 Basic Authentication Implementation

问题描述

我目前TN转化与Java Spring MVC框架ASP.NET从我的Web应用程序（虽然以了解它的好方法 - :)）我需要实现我的应用程序验证：请告诉我，如果我的做法是好的，够专业，如果没有什么是做到这一点的最佳实践：

I'm currently transforming my Web Application tn Java with Spring MVC framework from ASP.NET (good way to learn it though -:) ) I need to implement authentication in my application: Please tell me if my approach is good and professional enough and if not what is the best practice to do that:

所有我写User类的第一持有关于当前用户的名字的所有信息/姓/电子邮件/ ID /等...

First of all I'm writing User class which holds all information about current user firstname/lastname/email/id/etc....

class User implements Serializable{
private String firstName;
private String lastName;
private Long id;
private String email;

///Settters and Getters

}

我实现类命名DlSession和实施它sesison水平。

I'm implementing class Named DlSession and implementing it on sesison level.

<bean id="MySession" class="DlSession" scope="session">
<aop:scoped-proxy/>

class DlSession implements Serializable{
private User currentUser;

public DlSession(){}

// getters and setters:
}

当用户提交他的用户名/密码，我验证凭证，如果用户存在检索所有的用户数据的用户类的实例。然后，我设置的currentUser在会话B I检索的用户：

When User submits his user/pass I'm verifying the credential and if user exists retrieving all the user Data to the instance of User class. Then I'm setting currentUser in Session to b the user I retrieved:

mySesison.setCurrentUser(user);

为了验证认证我需要检查：

In order to verify authentication I need to check:

if (mySession.getcurrentUser() == null)
//return unauthenticated 
else 
//return authenticated

要注销从系统用户我只是在做：

To logout user from system I just doing:

mySession.setcurrentUser(null);

时的这种做法是否正确？任何建议，更欢迎然后。 ：）

Is this approach correct? any suggestions are more then welcomed. :)

推荐答案

如果您正在使用的用SpringMVC ，你为什么不同时使用的 SpringSecurity （<一个href=\"http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity.html\">manual)?
它的所有组件的内置，你需要设置你的<一个href=\"http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html#ns-form-and-basic\">form-based-或基本认证。而且，您可以轻松地在将来添加新的身份验证方法。

If you are already using SpringMVC, why don't you use also SpringSecurity (manual)? It has all the components built-in that you need to set up your form-based- or basic-authentication. And, you can easily add new authentication methods in the future.

修改：参见这个问题一个可能的解决方案，使用Spring Security的

EDIT: see also this question for a possible solution, using Spring Security.

这篇关于Spring MVC的3.0基本身份验证实施的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！