12

I'm trying to learn Java EE 6 and I'm just wondering how to implement an authentication mechanism in Java EE 6.

Here is the Java EE 6 authentication example:

    public void login() {
        if (account.authenticate(name, password) == null) {
            message = "Invalid user name or password!";
        } else {
            message = " Login successful";
            FacesContext context = FacesContext.getCurrentInstance();
            HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
            try {
                request.login(this.name, this.password);
                Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
                name = principal.getName();
            } catch (ServletException e) {
                // Handle unknown username/password in request.login().
                context.addMessage(null, new FacesMessage("Unknown login"));
            }
        }
    }

I have the following questions:

  1. How does the request.login function check the name and password? It doesn't know the user entity?
  2. If this isn't the right way, how do I implement a standard authentication mechanism?

Finally, thank you for your advice; I need very good tutorials or advice.

4

1 Answer

15

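> How does the request.login function check the name and password? It doesn't know the user entity?

request.login lets you implement programmatic security: it validates the provided username and password in the password validation realm used by the web container login mechanism configured for the ServletContext.

In other words, it delegates the authentication check to the container, and that check is done against the security realm of the webapp. This is a very nice alternative to FORM-based authentication.

Authentication without the Form is a nice screencast showing this feature in action. If you don't want to use a file realm but a JDBC realm, check out this blog post.

See also

answered 2010-06-04T17:59:46.550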
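A sketch of the container-delegated login described in the answer, added here as an illustration and not part of the original question or answer. The bean name `LoginBean` and the `home` navigation outcome are assumptions, and a security realm is assumed to be already configured for the webapp on the server.

```java
import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example. LoginBean and the "home" outcome are hypothetical names.
@ManagedBean
@RequestScoped
public class LoginBean {
    private String name;
    private String password;

    public String login() {
        FacesContext context = FacesContext.getCurrentInstance();
        HttpServletRequest request =
                (HttpServletRequest) context.getExternalContext().getRequest();
        try {
            // Start from a fresh session so an id issued before login is not kept.
            HttpSession old = request.getSession(false);
            if (old != null) { old.invalidate(); }
            request.getSession(true);
            // The container validates the credentials against the webapp's realm;
            // the application does not look up the user or compare passwords itself.
            request.login(name, password);
            return "home?faces-redirect=true";
        } catch (ServletException e) {
            // Thrown for bad credentials or when the caller is already authenticated.
            // One generic message: do not reveal which of the two fields was wrong.
            context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
                    "Invalid user name or password", null));
            return null;
        } finally {
            password = null; // do not keep the password on the bean after the attempt
        }
    }

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```

After a successful call, `request.getUserPrincipal()` and `request.isUserInRole(...)` return the identity and roles the container established, so the rest of the application can rely on those rather than on the submitted form values.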