如何管理用户身份验证/会话?
[英]How to manage user authentication/sessions?
问题描述
What is the best way to manage user authentication/sessions in a web app, ideally in a clustered environment, using Spring Framework/MVC? 
使用Spring Framework / MVC,最好是在集群环境中,在Web应用程序中管理用户身份验证/会话的最佳方法是什么?
I thought of creating a login bean that creates a jsession for authenticated users and then using AOP to check for the jsession before each controller method inovcation. 我想到了创建一个登录bean,该bean为经过身份验证的用户创建一个jsession,然后在每次控制器方法初始化之前使用AOP检查jsession。
If there isn't a better way, what are some possible alternatives? 如果没有更好的方法,有什么可能的替代方法? Thanks. 谢谢。
2 个解决方案
解决方案1
2 2010-05-20 17:21:22
The best would be to use Spring Security. 最好的方法是使用Spring Security。 See http://static.springsource.org/spring-security/site/start-here.html 参见http://static.springsource.org/spring-security/site/start-here.html
解决方案2
1 2010-05-20 19:48:25
Spring Security is good, it might be overkill for what you need. Spring Security很好,对于您所需要的东西可能过大了。 Have you considered the basic standard web.xml security (this will play just fine with Spring-MVC as it's just URL based). 您是否考虑过基本的标准web.xml安全性(由于它仅基于URL,因此在Spring-MVC中可以很好地起作用)。
Many apologies if you knew about web.xml authorization already, it's just that it's often overlooked. 如果您已经了解了web.xml授权,那么很多道歉,仅仅是因为它经常被忽略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.