使用在Java上编写的RESTFul API来登录/注册 [英] Login/Register by using RESTFul api written on Java
问题描述
我已经使用Netbeans IDE创建了Java Web应用程序。我创建了具有关系的实体。网页是简单的仪表板,我可以添加新实体,更改和删除它们。
I have created Java Web Application by using Netbeans IDE. I have created entities with relationships. Webpages are simple dashboards where I can add new entities, change them and delete them.
我已将Restful Web服务添加到我的实体。所以网页将只有管理员可用,我想创建只能访问他自己的数据的客户端应用程序。这意味着客户必须登录或注册到我的服务器。
I have added Restful web services to my entities. So web page will be available only for admin and I want to create client application that will have access only for his own data. That means client must login or register to my server.
当用户在网站上登录/注册时,服务器将为此用户创建会话。我知道在RESTful服务没有会话。我的想法是通过登录和密码每时,当客户端要做一些操作与服务器。
When user logins/registers on website, server will create session for this user. I know that in RESTful service there is no sessions. My thought is to pass login and password every time when client wants to do some operation with server.
问题:是否有任何其他方法创建类似客户端和服务器之间的会话?我希望它不与加密连接。
Question: is there any other method to create something like session between client and server? I hope it is not connected with encryption.
推荐答案
有许多认证和授权选项。如果要使用简单身份验证,则使用HTTP的基本身份验证。有关详情,请查看 http://tools.ietf.org/html/rfc2617 。请记住,这是不安全的,因为用户名/密码流动在线。任何人都可以嗅探用户名/密码。这是由新的RFC7235 - http://tools.ietf.org/html/rfc7235# section-4
There are many options for authentication as well as authorization. If you want to use simple authentication then 'Basic Auth' of HTTP. Check out http://tools.ietf.org/html/rfc2617 for details. Remember that this is unsafe because the username/password flows on wire. Anyone can sniff username/password. This is updated by new RFC7235 - http://tools.ietf.org/html/rfc7235#section-4
更安全的选择是oAuth。在RFC6749 https://tools.ietf.org/html/rfc6749 中说明。在这种情况下,每个请求都会有一个访问令牌。
Safer choice is oAuth. Explained in RFC6749 https://tools.ietf.org/html/rfc6749. In this case an access token goes with each request.
在这两种情况下,凭证详细信息都随标题一起传输。不干扰参数。
In both the cases the credential details travel with headers. No interference with parameters.
这篇关于使用在Java上编写的RESTFul API来登录/注册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
