[英]“proper” login page with tomcat authentication
I'm trying to create a user login page for my jersey webapp on tomcat that behaves like all the other pages on the web. 我试图在tomcat上为我的jersey webapp创建一个用户登录页面,该页面的行为类似于网络上的所有其他页面。 That is, the user sees a nice login page opposed to a popup (like BASIC tomcat authentication) and the passwords are hashed before comparing to the DB entries.
也就是说,用户看到一个不错的登录页面,而不是弹出窗口(例如BASIC tomcat身份验证),并且在与数据库条目进行比较之前对密码进行了哈希处理。 Is tomcat authentication the right way to do this?
Tomcat身份验证是执行此操作的正确方法吗?
It seems that I want to use DIGEST authentication for md5 hashing but FORM authentication to get a page rather than a popup. 似乎我想对MD5散列使用DIGEST身份验证,但是对页面而不是弹出窗口使用FORM身份验证。 Perhaps there are java libraries to do this instead, and I should simply not use tomcat for this.
也许有Java库可以代替它,我不应该为此使用tomcat。
When using the form submission approach, BASIC versus DIGEST does not come into play at all since it isn't using HTTP Authentication. 当使用表单提交方法时,BASIC vs DIGEST根本不起作用,因为它不使用HTTP身份验证。 It simply sends the user id and password via an HTTP POST as parameters to a URL that is predefined by the Servlet specification, allowing the Servlet container to process them.
它只是通过HTTP POST将用户ID和密码作为参数发送到Servlet规范预定义的URL,从而允许Servlet容器对其进行处理。 Security of the data using this method is achieved through the use of SSL.
使用SSL可以实现使用此方法的数据安全性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.