How to implement authentication in JSF in GlassFish?

I have an embedded GlassFish server and a small web app. I want to add a login-authentication thingy to it. Problem: all tutorials I've found so far tell me to go to the GlassFish admin console on port 4848 and configure a JDBC realm there. Is it possible to do this using XML files like web.xml and glassfish-resources.xml, and provide them with my WAR? It would be nice to make my app completely portable. Thanks in advance!

Have you considered simply creating a secure form for entering the username/password and then just checking it against the database?

According to the Java EE 6 specifications (and to the Java EE 6 tutorial, chapter Overview of Java EE Security):

Security for components is provided by their containers

So, using the standard Security concepts, it's not wise to make your web application aware of realms and other features that should be managed by the container.

In theory there is a way to reach your goal, but it's very complex and at the end of the day it's not even fully container-agnostic. This way consists of developing your own JAAS (Java Authentication and Authorization Service), and deploying it into the container before deploying your application.

You can find further reference in this JAAS Tutorial, from which I extract the following lines that explain the concept I have summarized above:

System level security is defined in terms of User Groups, called Roles, and in terms of security privileges mapping definitions, called Realms. Application level security is constituted from User Groups and Realms.

At the application level, security permissions also list the various application components that are accessible by each User Group in each Realm. Thus, when an application is deployed, its application level realms and roles are mapped to the system level realms and roles defined on the server.
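
The split described in the answer above, shown as an added example that is not part of the original post: the two descriptors a WAR can carry declare the application-level role and name the realm, while the realm itself must already exist in the container. The realm name `appRealm`, the role `USER`, the group `users` and the URL paths are assumptions chosen for illustration.

```xml
<!-- WEB-INF/web.xml (fragment, inside <web-app>): application-level declarations -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secured-pages</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>USER</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require TLS so the login form's credentials are not sent in clear text -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <!-- Assumed name; it must match a realm that is already defined on the server -->
  <realm-name>appRealm</realm-name>
  <form-login-config>
    <!-- The login page posts j_username / j_password to j_security_check -->
    <form-login-page>/login.xhtml</form-login-page>
    <form-error-page>/login-error.xhtml</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>USER</role-name>
</security-role>

<!-- WEB-INF/glassfish-web.xml (fragment, inside <glassfish-web-app>):
     maps the application role to a group defined in the server-side realm -->
<security-role-mapping>
  <role-name>USER</role-name>
  <group-name>users</group-name>
</security-role-mapping>
```

With these fragments the application never handles passwords itself; the container authenticates against the realm and only exposes the resulting role to the application.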
