Struts2 Login Management and Authorization
Question
I have developed a web application on Struts2 and used JSP. I want to develop a login system and so cookie management for my web application. Everybody can see every page and there is no authorization for my website.
My question is that what are the steps of my work.
1) Login system
2) Cookie management
3) Authorization
will be done but where I should start and is there any good documents of that steps(for every step of what should I do)?
2 answers
solution1
2 2011-06-20 08:11:51
The cookie managment in Struts2 is an orphaned feature. There are ways of reading them using the framework, but no way to write them. Since you have to go directly to the ServletResponse to write cookies, you may as well use the ServletRequest directly to read them.
Check out this: http://www.dzone.com/links/r/working_with_cookies_in_struts_2.html
In my applications I use JavaScript for handling cookies, is more practical, and works well for me.
solution2
2 ACCPTED 2011-06-20 08:26:04
You can implement this using Sessions, which means you won't have to work with cookies (at least directly). Also keep in mind the difference between authentication (checking identity of a user) and authorization (checking users access rights). I usually implement:
- a Login action (which authenticates the user in some way, and saves something to the session which I can latter check to see if the user is logged in...eg. a User object)
- an authorization interceptor (which filters each request and checks that user is logged in and has access rights for that particular request....if not forward to login form).
Also keep in mind that this is a do-it-yourself quick way to do it, if you plan anything more you are better off with a security framework/lib of some sorts.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.