
Struts2 Login Management and Authorization

I have developed a web application on Struts2 and used JSP. I want to develop a login system and cookie management for my web application. Everybody can see every page, and there is no authorization for my website.

My question is what the steps of my work are.

1) Login system

2) Cookie management

3) Authorization

will be done, but where should I start, and are there any good documents for those steps (for every step, what should I do)?

The cookie management in Struts2 is an orphaned feature. There are ways of reading them using the framework, but no way to write them. Since you have to go directly to the ServletResponse to write cookies, you may as well use the ServletRequest directly to read them.

Check out this: http://www.dzone.com/links/r/working_with_cookies_in_struts_2.html

In my applications I use JavaScript for handling cookies; it is more practical, and works well for me.

You can implement this using Sessions, which means you won't have to work with cookies (at least not directly). Also keep in mind the difference between authentication (checking the identity of a user) and authorization (checking the user's access rights). I usually implement:

  • a Login action (which authenticates the user in some way, and saves something to the session which I can later check to see if the user is logged in... e.g. a User object)
  • an authorization interceptor (which filters each request and checks that the user is logged in and has access rights for that particular request... if not, forward to the login form).

Also keep in mind that this is a do-it-yourself quick way to do it; if you plan anything more, you are better off with a security framework/lib of some sort.
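The two pieces the answer above describes (a Login action that puts a User object in the session, and an interceptor that checks it on every request), as an added example that is not code from the original answer. It assumes Struts 2.5 APIs, a hypothetical in-memory UserStore with PBKDF2 password hashes (the two users are constructed sample data), the session key "user", and result names "login" and "denied" that you define in struts.xml:

```java
// Added example; not code from the original answer. Assumptions: Struts 2.5 APIs,
// a hypothetical in-memory UserStore (PBKDF2 hashes), session key "user", result "denied".
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class AuthExample {

    public static final String SESSION_USER = "user";   // session key the Login action writes

    /** What lives in the session: identity and role only, never the password. */
    public static final class User implements Serializable {
        public final String name, role;            // role is "admin" or "member" here
        public User(String name, String role) { this.name = name; this.role = role; }
    }

    /** Hypothetical credential store: username -> {salt, PBKDF2 hash, role}. */
    public static final class UserStore {
        private static final Map<String, Object[]> USERS = new HashMap<>();
        private static final Object[] DUMMY = { new byte[16], new byte[32], null }; // hashed for unknown names too
        static { add("alice", "correct horse", "admin"); add("bob", "hunter2", "member"); } // constructed sample users

        static void add(String name, String password, String role) {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            USERS.put(name, new Object[] { salt, hash(password.toCharArray(), salt), role });
        }
        static byte[] hash(char[] password, byte[] salt) {
            try {   // slow, salted hash; a real store would also persist the iteration count
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                        .generateSecret(new PBEKeySpec(password, salt, 100_000, 256)).getEncoded();
            } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
        }
        /** Returns the User on success, null for unknown name or wrong password (same outcome, same timing). */
        public static User authenticate(String name, char[] password) {
            Object[] rec = USERS.getOrDefault(name, DUMMY);
            boolean ok = MessageDigest.isEqual((byte[]) rec[1], hash(password, (byte[]) rec[0])); // constant-time compare
            return ok && rec[2] != null ? new User(name, (String) rec[2]) : null;
        }
    }

    /** 1) Login action: authenticate, then put a User object into a fresh session. */
    public static class LoginAction extends ActionSupport {
        private String username, password;          // bound from the form by the params interceptor
        public void setUsername(String v) { username = v; }
        public void setPassword(String v) { password = v; }
        @Override public String execute() {
            User user = (username == null || password == null || password.isEmpty())
                    ? null : UserStore.authenticate(username, password.toCharArray());
            if (user == null) {
                addActionError("Invalid username or password");   // one message for both failure causes
                return INPUT;                                      // re-render the login form
            }
            // Drop the pre-login session and start a new one, so a session id an attacker planted
            // before login (session fixation) never becomes an authenticated session.
            HttpServletRequest request = ServletActionContext.getRequest();
            HttpSession old = request.getSession(false);
            if (old != null) old.invalidate();
            request.getSession(true).setAttribute(SESSION_USER, user);
            return SUCCESS;
        }
    }

    /** 2) Authorization interceptor: runs before every action in its interceptor stack. */
    public static class AuthorizationInterceptor extends AbstractInterceptor {
        private final Map<String, String> requiredRole = new HashMap<>();   // action name -> role
        /** Set from struts.xml, e.g. <param name="rules">deleteUser=admin,report=member</param>. */
        public void setRules(String rules) {
            for (String rule : rules.split(",")) {
                String[] kv = rule.trim().split("=", 2);
                if (kv.length == 2) requiredRole.put(kv[0], kv[1]);
            }
        }
        @Override public String intercept(ActionInvocation invocation) throws Exception {
            if (invocation.getAction() instanceof LoginAction) return invocation.invoke(); // login form is public
            Map<String, Object> session = invocation.getInvocationContext().getSession();
            Object u = session == null ? null : session.get(SESSION_USER);
            if (!(u instanceof User)) return Action.LOGIN;       // not authenticated: run the global "login" result
            String needed = requiredRole.get(invocation.getProxy().getActionName());
            if (needed != null && !needed.equals(((User) u).role)) return "denied"; // authenticated, not authorized
            return invocation.invoke();                            // allowed: run the action
        }
    }
}
```

Wiring: in struts.xml declare the interceptor with its nested-class name (`class="AuthExample$AuthorizationInterceptor"`, the `$` is the JVM name for a nested class), reference it in the interceptor stack before `defaultStack` so an unauthenticated request is rejected before parameter binding and validation run, and add `<global-results>` mapping `login` to the login form (a `redirectAction` to the login action) and `denied` to an error page. Returning a result name from `intercept` without calling `invoke()` is what makes Struts2 skip the action and render that result. Since the whole scheme rests on the container's session cookie, also set `<http-only>true</http-only>` and `<secure>true</secure>` under `<session-config><cookie-config>` in web.xml so the cookie is not readable from JavaScript and never travels over plain HTTP.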

Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to repost, please credit this site or the original source. For any questions contact: yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM