一个Java Web应用程序中可以有两种认证机制吗?
[英]Is it possible to have two authentication mechanisms in one Java web application?
问题描述
I have a web application that contains ui based on jsf 2.0 and a set of rest apis. 
我有一个Web应用程序,其中包含基于jsf 2.0的ui和一组rest api。 The ui side of the application is accessed from a browser and rest apis are invoked from a mobile app. 可从浏览器访问应用程序的ui端,并从移动应用程序调用rest api。
For the authentication for the UI is managed by jsf , (no form nothing, jsf manages everything). 对于UI的身份验证是由jsf管理的(没有任何形式,jsf管理所有内容)。 Now, I want the user to be authenticated before he/she can access the rest apis. 现在,我希望用户能够通过身份验证,然后才能访问其余的api。
Can I set up the web application to have Basic authentication so that I can set the username and password in the header when calling the rest apis? 我可以将Web应用程序设置为具有基本身份验证,以便在调用其余api时可以在标头中设置用户名和密码吗?
1 个解决方案
解决方案1
1 2014-01-16 17:12:58
You will need to have a security filter for your web application. 您将需要为您的Web应用程序设置一个安全筛选器。 (this can be done with spring security - Integrating Spring security with JSF 2 ) (这可以通过spring security实现- 将Spring security与JSF 2集成 )
The user will have to pass a username and password to your application. 用户必须将用户名和密码传递给您的应用程序。
Then, you just need to configure your rest api to work with basic authentication. 然后,您只需要配置rest api即可使用基本身份验证。 Since basic authentication is a HTTP feature, every time you call the rest service, you will need to pass the username/password in the request. 由于基本身份验证是HTTP功能,因此每次调用rest服务时,都需要在请求中传递用户名/密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.