
How to achieve login in Java consuming a web service?

I have a project in Java which utilizes j_security_check and LDAP for authentication. Now my employer wants to change it to an authentication using a provided web service. What they gave me is actually a link, as shown below: "http://11.111.111.111/ADManager/ADlogin.asmx". I am a total newbie to Java and web services. All I know is that if we provide some data to a web service, it will give a response. My doubts are:

  1. Is it possible to create a login consuming that link they provided?
  2. Should I ask them for more info?
  3. Is it possible to replace the j_security_check and LDAP already configured in my Java project?

PS: The one who assigned me this task doesn't seem to have much knowledge either.

The short answer is you can.

You need to do the following:

Each web resource is protected by a (servlet) filter. This filter checks each incoming request and validates the token, which needs to be in the HTTP header. If the token is valid, then the request is served. If the token is invalid, the filter is going to send back HTTP 401 Unauthorized. Then redirect to the login page.

Login with REST service:

1) Create a custom login page with username/password fields.

2) Create a REST web service that receives the username/password. It will check the credentials against an external access management infrastructure like OpenAM.

3) First, call the auth(username, password) REST API to get the auth token. If the given credentials are okay, then just send back the auth cookie to the client with an HTTP 200 response code.

4) Then, you can call protected REST APIs. You need to send the auth cookie with your request each time.

5) A servlet filter (or something similar) checks each incoming request and validates the token. If the token is valid, then the request goes forward to the REST method; if not, you need to generate an HTTP 401/403 response.

I suggest you not write your own authentication layer; please use an existing one, for example OpenAM.

This forum topic explains everything to you.
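The per-request check described in step 5 of the answer, as an added example that is not part of the original post: a servlet filter that reads the auth cookie, asks an external validator whether the token is good, and answers 401 otherwise. The `TokenValidator` interface, the cookie name `AUTH_TOKEN` and the `/login` path are assumptions made for illustration; the code targets the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical adapter: asks the external access manager whether a token is valid.
interface TokenValidator { boolean isValid(String token); }

public class AuthTokenFilter implements Filter {
    static final String COOKIE_NAME = "AUTH_TOKEN"; // assumed cookie name
    static final String LOGIN_PATH = "/login";      // assumed login endpoint, left open
    private final TokenValidator validator;

    public AuthTokenFilter(TokenValidator validator) { this.validator = validator; }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Exact match only, so look-alike paths such as /login/x never skip the check.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (LOGIN_PATH.equals(path)) { chain.doFilter(req, res); return; }

        String token = readToken(request);
        boolean ok = false;
        try {
            ok = token != null && validator.isValid(token);
        } catch (RuntimeException e) {
            // Fail closed: a validator outage is treated like an invalid token.
        }
        if (!ok) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        chain.doFilter(req, res); // token accepted, hand over to the protected resource
    }

    private static String readToken(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the client sent no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return c.getValue();
        }
        return null;
    }
}
```

Because the filter takes a constructor argument, register it programmatically with `ServletContext.addFilter(String, Filter)` from a `ServletContextListener` and map it to the protected URL patterns.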
