Java-安全会话管理的最佳实践
[英]Java - best practices for secure session management
问题描述
I'm trying to write Rest APIs which performs user login, logout. 
我正在尝试编写执行用户登录,注销的Rest API。 And I want session information to persist (used to Redis to store session information). 我希望会话信息能够持久(用于Redis来存储会话信息)。
I'm new to Java and web development. 我是Java和Web开发的新手。 Need help in understanding: 需要帮助以了解:
What is the most industry's best practices to create & maintain sessions?
创建和维护会议的最业界最佳做法是什么? Like how e-commerce sites handle sessions? 像电子商务网站如何处理会话? How they ensure sessions are secured?
他们如何确保会话安全? Did lot of search but didn't find any satisfactory answer to this. 进行了大量搜索,但没有找到任何令人满意的答案。 Are there any ready made Java implementations used in industry that I can look for? 我可以寻找行业中使用的现成的Java实现吗? Currently using UUID as sessionID.
当前使用UUID作为sessionID。 Is there any best practice guide for the same? 是否有相同的最佳做法指南?
1 个解决方案
解决方案1
1 2016-06-22 04:57:47
Try Apache Shiro . 尝试Apache Shiro 。 It is very useful in the context of Java. 它在Java上下文中非常有用。 It offers a rich set of functionalities including session handling, cryptography, etc. 它提供了丰富的功能集,包括会话处理,加密等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.