授权和验证与JSF,Hibernate和Tomcat的Web应用程序 [英] Authorization and authentication on the web application with JSF, Hibernate and Tomcat
问题描述
我对使用Eclipse和Apache Tomcat编程使用Java EE,JSF,休眠,MySQL中的Web应用程序。我不使用Spring,EJB或等。
I am programming a Web-Application with Java EE, JSF, Hibernate, MySQL by using Eclipse and Apache Tomcat. I do not use Spring, EJB or etc.
我有简单的登录页面。有用户名和密码两个输入和提交按钮的输入值传递给这个bean。如果用户的条目与数据库记录相匹配,然后在下一个页面被打开。然而,这个过程有一个缺乏安全感。如果用户进入下一个页面的URL,他/她可以轻松地跳过登录过程中没有任何的安全性。
I have simple login page. There are two inputs for username and password and submit button to pass values of inputs to the bean. If entries of users are matched with records in DB, then next page is opened. However, this process has a lack of security. If user enters a URL of next pages, he/she can easily skips login process without any security.
我知道我的应用程序需要身份验证和授权。我用Google搜索这些条款三天。我学到了很多东西,但我没有发现与JSF,Hibernate的应用一个简单的解决方案,并在Apache Tomcat。
I know that my application needs authentication and authorization. I have googled these terms for three days. I learned lots of things, but I do not have found a simple solution for the application with JSF, Hibernate and worked on Apache Tomcat.
有没有包含这种配置的任何简单的例子吗?我不需要详细的管理。只是一个简单的身份验证(也可能授权)。
Is there any simple example that contains this kind of configuration? I do not need detailed management. Just a simple authentication (also maybe authorization).
我真的累了,请帮助我。
I am really tired, please help me.
修改(1):
我选择了容器管理的认证作为登录策略,我develeped一些code。 <一href=\"http://stackoverflow.com/questions/23111373/com-mysql-jdbc-exceptions-jdbc4-mysqlsyntaxerrorexception-unknown-column-user\">com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:容器管理的认证 - 在where子句未知列'USER_NAME'。不过,我得到com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException。我希望达到的解决方案,如果你能帮我。所有反馈AP preciated!
I chose "container managed authentication" as a login strategy and I develeped some code. com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'USER_NAME' in 'where clause' - container managed authentication. However, I get com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException. I hope to reach the solution, if you help me. All feedback appreciated!
修改(2):
我意识到,容器管理的认证有着严格的规定和限制它编码的自由。基于这个解决方案的应用要求程序员可以不写code。正因为如此,我实现的Servlet过滤解决方案,它是旧的,但功能强大,在我的应用程序。如果你想尝试新的,阿帕奇四郎可能是一种选择。我建议看的<一个文章href=\"http://balusc.blogspot.com.tr/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html#ProgrammaticLogin\" rel=\"nofollow\">http://balusc.blogspot.com.tr/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html#ProgrammaticLogin
I realized that "container managed authentication" has strict rules and it limits the freedom of coding. Programmer cannot write code based on requirements of application with this solution. Because of that, I implement Servlet-Filter solution which is old, but powerful, in my app. If you want to try new ones, Apache Shiro may be an option. I advise to look at the article of http://balusc.blogspot.com.tr/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html#ProgrammaticLogin
推荐答案
尝试使用Spring的安全性,它将允许以保护身份验证和授权应用程序。看到这个教程作为一个起点。
Try using Spring security, it will allow to protect the application with authentication and authorization. See this tutorial as a starting point.
这篇关于授权和验证与JSF,Hibernate和Tomcat的Web应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
