[英]how to implement production ready login logout functionality in servlet jsp
Following is the use case... 以下是用例...
** **
** **
I've searched on internet but end up with simple Login examples or tomcat security roles etc. No one gives the actual solution. 我在互联网上进行搜索,但最终得到了简单的登录示例或tomcat安全角色等。没有人提供实际的解决方案。 ANd please don't say that this question is NOT RELATED TO this FORUM. 请不要说这个问题与本论坛无关。
Thanks 谢谢
This happens because browser caches the web pages that are being loaded,you can prevent it by using filters and telling browser not to cache the web pages like below. 发生这种情况是因为浏览器缓存了正在加载的网页,您可以通过使用过滤器并告诉浏览器不要像下面那样缓存网页来阻止它。 doFilter method of Filter 过滤器的doFilter方法
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
HttpSession session = request.getSession(false);//don't create if session doesn't exist.
if (session==null || session.getAttribute("username") == null) {
RequestDispatcher rd=request.getRequestDispatcher("login");//dispatch it to your desired page i.e login page
rd.forward(request, response);
} else {
chain.doFilter(req, res);
}
}
You should configure this filter inside web.xml or using Annotations for which url-patterns you want to filter.refer documentation for more details. 您应在web.xml内配置此过滤器,或使用要过滤其url模式的注释来配置。有关更多详细信息,请参阅文档。
If you're using Tomcat then a good place to start is Tomcat Standard Realm Implementations . 如果您使用的是Tomcat,那么“ Tomcat标准领域实现”是一个不错的起点。
It's important to remember that normal Java EE security authenticates users and authorises them using roles - even if you only have the one. 重要的是要记住,即使您只有一个角色,普通的Java EE安全性也可以使用角色对用户进行身份验证和授权 。
Once you have done that you can implement Logout by invoking a servlet which calls HttpServletRequest.logout() and then invalidates the HttpSession: 完成此操作后,您可以通过调用Servlet来实现注销,该Servlet调用HttpServletRequest.logout() ,然后使HttpSession无效:
request.logout();
request.getSession().invalidate();
and then: 接着:
response.sendRedirect("some protected page");
which should resolve your back button problem and land back on the login page. 这应该可以解决您的后退按钮问题,并返回登录页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.