Session Tracking using J2EE

后端 未结 3 700
醉话见心
醉话见心 2021-01-27 18:25

I\'m trying to implement session tracking on my website. Basically I want the users to be able to login in my website using their username and their password, pass throw my webs

相关标签:
3条回答
  • 2021-01-27 18:47

    You can use Spring Security. It has all the features you require. Spring Security provides comprehensive security services for J2EE-based enterprise software applications.

    The framework will authenticate and authorize the user based on the configuration done in the framework. And will automatically save the user state in the session. You don't have to explicitly deal with sessions.

    0 讨论(0)
  • 2021-01-27 18:50

    I am confused with term session tracking, but I understand that you want to allow users to access protected resources.

    What you need is to define roles, authentication provider and mapping for secured resources. Then you can combine it in web.xml:

    <security-constraint>
             <display-name>SecurityConstraint</display-name>
            <web-resource-collection>
                  <web-resource-name>WRCollection</web-resource-name>
                 <url-pattern>/*</url-pattern>
         </web-resource-collection>
            <auth-constraint>
                  <role-name>TutorialUser</role-name>
            </auth-constraint>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
      <login-config>
            <auth-method>FORM</auth-method>
         <form-login-config>
                  <form-login-page>/loginform.html</form-login-page>
                 <form-error-page>/loginerror.html</form-error-page>
          </form-login-config>
     </login-config>
     <security-role>
        <role-name>TutorialUser</role-name>
    </security-role>
    

    See http://docs.oracle.com/cd/E19226-01/820-7627/bncby/index.html for details. This is JEE standard way.

    0 讨论(0)
  • 2021-01-27 18:56

    You can use a servlet to login to your application.

    But you need a filter to restrict access to secured pages.

    Every request must pass through that filter.

    0 讨论(0)
提交回复
热议问题