Combined with WAS, the login authentication in the J2EE specification and the logout in the non-normative are briefly analyzed, and the custom processing process is added through the filter.


    In simple applications, there will be a separate set of user storage and management systems, but in enterprise-level applications, maintaining a separate set of such a system for each application will bring heavy maintenance work and application expansion difficulties. Due to its standardization of the LDAP protocol, the corresponding LDAP server can be used as a user storage and management platform for enterprise-level applications. In this way, the required user information of any system is in the LDAP service, and the application itself can manually obtain user information from it for authentication. However, the authentication and authorization modules that the web container must implement are specified in the J2EE specification. That is to say, in previous applications, whether the user has the right to log into the system to access related resources needs to be completed by the application itself, but under the J2EE specification, these contents can be handed over to the container to complete. J2EE provides a variety of authentication methods. The following figure shows the form-based authentication process.

For details, please click
to transfer : http://blog.csdn.net/dongzi87/article/details/7242439

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=327106739&siteId=291194637