如何在Java(REST)应用程序中验证用户?
[英]How to authenticate users in Java(REST) app?
问题描述
I have some java server application and some WEB interface(jQuery). 
我有一些java服务器应用程序和一些WEB界面(jQuery)。 For REST services i'm using Jersey implementation. 对于REST服务,我正在使用Jersey实现。 I can easily sent JSON to the server from WEB page and vice versa. 我可以轻松地从WEB页面将JSON发送到服务器,反之亦然。
Example of my REST service: 我的REST服务示例:
@Path("/users")
public class User {
@POST
@Path("/login")
@Consumes(MediaType.APPLICATION_JSON)
public Response authUser(User user) {
//code
}
}
But there is one problem. 但是有一个问题。 How can I auth users? 我如何授权用户? For example, i have some private resources: when user in not log in, he can't see it resource/web page, but when he logined(enter correct name and password) he can see it resource. 例如,我有一些私人资源:当用户没有登录时,他看不到资源/网页,但当他登录(输入正确的名称和密码)时,他可以看到它的资源。
I didn't use sping application. 我没有使用sping应用程序。 I have googled a lot of time but I didn't find easy examples, then i tried to read Jose's Sandoval book "RESTful Java Web Services", in "Security" section a lot of useful information but there isn't examples. 我google了很多时间,但我没有找到简单的例子,然后我试着阅读Jose的Sandoval书籍“RESTful Java Web Services”,在“安全性”部分有很多有用的信息但是没有例子。
Could you please help me? 请你帮助我好吗?
1 个解决方案
解决方案1
2 已采纳 2013-03-20 13:44:21
There are different ways to approach this I believe. 我相信有不同的方法可以解决这个问题。 One way is that when the user authenticates, you send him back a token [which expires after some time] and he then passes back that token in subsequent calls. 一种方法是,当用户进行身份验证时,您会向他发回一个令牌[在一段时间后过期],然后他会在后续呼叫中传回该令牌。
Save the token to a file or db. 将令牌保存到文件或数据库。 In subsequent requests that come from client , compare token timestamp and value. 在来自客户端的后续请求中,比较令牌时间戳和值。
Once that token expires he has to re-authenticate. 一旦该令牌到期,他必须重新进行身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.