0

I was given a JSP page where anyone can just view the page source and find the Username and password. My task is to make it somewhat secure. After some reading, I figured I would want to implement an SHA-256 encryption system, but I am not too sure how to do this.

How should I store the hashed passwords? I have barely any experience with JSP / security, so I don't fully understand the steps. After a user enters his password, and it gets encrypted with SHA 256, does this string get compared to a string in a text file? What's the best way for this?

What is the difference between having the entire procedure done in one JSP file versus multiple. I notice how sometimes the login and encryption occurs in the same file while other times, the form uses other JSP files.

4

1 回答 1

0

go for spring web mvc+spring security plugin 它提供了你需要的所有内容,只需要 xml 和数据库

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" 
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    <http  auto-config="true"  use-expressions="true">
        <intercept-url pattern="/admin*" access="hasAnyRole('ROLE_Admin')" />
        <form-login login-page="/login" default-target-url="/welcome"
                            authentication-failure-url="/loginfailed" />
        <logout logout-success-url="/login" />
    </http>
    <authentication-manager>
        <authentication-provider>
            <password-encoder hash="sha256"/>
        <jdbc-user-service data-source-ref="dataSource"
           users-by-username-query="
              select username,password, enabled 
              from users where username=?" 
           authorities-by-username-query="
              select u.username, u.authority from users u
              where u.username =?  " 

        />
        </authentication-provider>
    </authentication-manager>
</beans:beans>
于 2013-10-16T13:45:31.880 回答