Web应用程序中的编程用户注册Java Spring MVC
[英]Programming User registration in web application Java Spring MVC
问题描述
I am building web application where i am building the first stage with user registration and login. 
我正在构建Web应用程序,其中正在通过用户注册和登录构建第一阶段。
I am thinking of 我在想
class User
{
private userid;
private firstname
.........
//getters and setters
}
class UserService {
public boolean authenticate(username, password) {}
public addUser()
public saveuser()
public ConfirmEmail()
public resetPassword()
......
}
I have few questions 我有几个问题
- Is my approach correct? 我的方法正确吗?
- Also i have diff function in front end and for backend admin user, so should i put all in one class or, i have to make diff for front end and backend? 另外我在前端和后端管理员用户都具有差异功能,所以我应该将它们全部放在一个类中,还是必须对前端和后端进行差异化?
- As this is the most common thing which every organisation requires, so is it possible to find it from internet so that i can see how enterprise people approach this? 因为这是每个组织最常见的要求,所以有可能从互联网上找到它,以便让我看到企业人员如何实现这一目标?
2 个解决方案
解决方案1
5 已采纳 2011-02-25 05:19:09
First thing, I'd look at whether you can use another authentication system like Google or Facebook, or Open ID (StackOverflow uses these and more). 首先,我将研究您是否可以使用其他身份验证系统,例如Google或Facebook,或Open ID(StackOverflow使用这些以及更多)。
Secondly, I'd look into using a security framework like Spring Security . 其次,我将研究使用像Spring Security这样的安全框架。
Finally, if you want/need to do it on your own from scratch, here are some pointers 最后,如果您想/需要自己重新制作,这里有一些提示
- Always store passwords using a 1-way hashing mechanism eg SHA 始终使用1向哈希机制(例如SHA)存储密码
- Use salt when hashing your password - you should have a random salt value per password (see this SO question for it's length) 使用盐散列密码的时候-你应该有每个密码随机盐值(参见这太问题为它的长度)
- You can also have a constant application-wide salt value that is not stored next to the password 您还可以在应用程序范围内保持不变的盐值,该值不会存储在密码旁边
- Give the users roles. 赋予用户角色。 This will solve your front end/back end users problem 这将解决您的前端/后端用户问题
I'm assuming you're using a database. 我假设您正在使用数据库。 Here's an example schema (MySQL) 这是一个示例架构(MySQL)
CREATE TABLE users (
id INTEGER UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT
mail VARCHAR(255) NOT NULL,
name VARCHAR(255) NOT NULL,
enc_password VARCHARCHAR(64) NOT NULL,
salt CHAR(8) NOT NULL,
is_mail_authenticated TINYINT(1) UNSIGNED NOT NULL DEFAULT 0,
UNIQUE KEY (mail)
) ENGINE = InnoDB;
CREATE TABLE roles (
id INTEGER UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT
name VARCHAR(32) NOT NULL,
UNIQUE KEY (name)
) ENGINE = InnoDB;
CREATE TABLE users_roles (
user_id NTEGER UNSIGNED NOT NULL,
role_id NTEGER UNSIGNED NOT NULL,
FOREIGN KEY (user_id) REFERENCES users (id),
FOREIGN KEY (roel_id) REFERENCES roles (id),
) ENGINE = InnoDB;
That'll do it for a very basic user model. 这将为非常基本的用户模型做到这一点。 You'll need a tool to generate your salt. 您将需要一个工具来生成盐。 I'd use randomAlphanumeric from Apache commons lang. 我会使用来自Apache commons lang的randomAlphanumeric 。
You may want to add some stuff to lock user accounts after too many failed login attempts. 您可能想在登录尝试失败后添加一些东西来锁定用户帐户。 And you may want to track the IP with which they've logged in from. 您可能希望跟踪其登录时使用的IP。 This is left as an exercise to the reader :) 这留给读者练习:)
I added the is_mail_authenticated field to track whether the user had authenticated their mail. 我添加了is_mail_authenticated字段来跟踪用户是否已验证其邮件。 This is usually accomplished by clicking a link from one's email. 这通常是通过单击某人电子邮件中的链接来完成的。
解决方案2
0 2011-02-25 05:26:02
I think, Spring provides very good approach for creating user with role assignment and authenticating the user powerfully, and also maintaining the security or your application. 我认为,Spring提供了一种很好的方法来创建具有角色分配的用户,并有效地对用户进行身份验证,以及维护安全性或您的应用程序。 No need to implement whole as our own application, you can use spring security. 无需将整体实现为我们自己的应用程序,就可以使用spring安全性。 http://static.springsource.org/spring-security/site/start-here.html http://static.springsource.org/spring-security/site/start-here.html
Either you can create users by your own do the authentication using above security plugins. 您可以使用上面的安全性插件自行创建用户进行身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.