HTTPS on JSF 2, for protected resources and login

I have a managed bean with 2 attributes: userName & password (with their respective getter and setter methods), and a login() method that accesses the database to verify login credentials.

My question is, when the user clicks the "login" button, the action must go through the https protocol. How can I achieve this with JSF 2?

Also, if I want to have some Faces to be protected (under https protocol), how do I achieve this? Is there a filter that enables me to do this?

Thanks in advance.

You can define a security constraint in the web.xml of your application:

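<security-constraint>
   <web-resource-collection>
      <web-resource-name>SecureConnection</web-resource-name>
      <!-- "/*" matches every URL of the application -->
      <url-pattern>/*</url-pattern>
      <!-- With http-method listed, the constraint applies only to these methods -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <!-- No <auth-constraint/> here: an empty auth-constraint denies all access to the matched URLs -->
   <!-- CONFIDENTIAL makes the container require HTTPS for the matched requests -->
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>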

Adapt the url-pattern to contain your login page and all other secured pages. The use of https is defined by the user-data-constraint.

From the Java EE tutorial:

If you specify CONFIDENTIAL or INTEGRAL as a security constraint, it generally means that the use of SSL is required and applies to all requests that match the URL patterns in the web resource collection, not just to the login dialog box.

If you wrote your own login() method and are using Glassfish, you could take a look at container-based authentication with a JDBCRealm as an alternative login approach.
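An added example, not part of the original question or answer: a small Python check that reads a web.xml and reports, per security-constraint, whether HTTPS is actually required and whether the constraint has one of the usual gaps. The sample descriptor, the function names (kids, audit) and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from the original post: the first constraint shows
# three common mistakes, the second protects /admin/* but never requires HTTPS.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>SecureConnection</web-resource-name>
   <url-pattern>*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint/>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Admin</web-resource-name>
   <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
 </security-constraint>
</web-app>"""

def kids(el, name):
    # Match on the local tag name so namespaced and plain web.xml both work.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml):
    """Return (url-patterns, finding) pairs for each security-constraint."""
    findings = []
    for sc in kids(ET.fromstring(web_xml), "security-constraint"):
        wrcs = kids(sc, "web-resource-collection")
        pats = [(p.text or "").strip() for w in wrcs for p in kids(w, "url-pattern")]
        label = ",".join(pats)
        tg = [(t.text or "").strip() for u in kids(sc, "user-data-constraint")
              for t in kids(u, "transport-guarantee")]
        if not {"CONFIDENTIAL", "INTEGRAL"} & set(tg):
            findings.append((label, "no-https"))        # plain HTTP still allowed
        if any(kids(w, "http-method") for w in wrcs):
            findings.append((label, "methods-listed"))  # unlisted methods are not covered
        if any(not kids(a, "role-name") for a in kids(sc, "auth-constraint")):
            findings.append((label, "deny-all"))        # no roles named: nobody gets in
        if any(p and not p.startswith(("/", "*.")) for p in pats):
            findings.append((label, "bad-pattern"))     # not a path or *.ext mapping
    return findings

if __name__ == "__main__":
    for pattern, finding in audit(SAMPLE_WEB_XML):
        print(f"{pattern}: {finding}")
```

An empty result for a descriptor means every constraint in it requires CONFIDENTIAL or INTEGRAL transport, covers all HTTP methods, names at least one role wherever it has an auth-constraint, and uses path or extension patterns.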
