来自 Servlet 的验证(摘要)请求
我正在创建一个小servlet。 它托管在根目录“/”中,“/”后面的任何内容都是资源,例如“/myanim.swf”。 大多数文件是公开的,但也有一些是私有的。 对于公共文件,它们只是被提供,但对于私有文件,我希望浏览器显示一个身份验证框,并将摘要身份验证发送回 servlet,然后可以验证它并提供内容。 我应该如何实施该
if(!file.isPublic())
部分? 由于我希望浏览器进行身份验证,因此我不想使用 j_security_check 机制
Cheers
Nik
I'm creating a small servlet. It's hosted at root, "/", and whatever comes after "/" is a resource, like "/myanim.swf". Most of the files are public, but some are private. For public files, they are just served, but for private files, I wish the browser to present an authentication box and have a Digest authentication sent back to the servlet, that can then verify it and serve the content. How should I implement the
if(!file.isPublic())
part? Since I want the browser to do the authentication, I don't want to use j_security_check mechanism
Cheers
Nik
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Servlet 规范开箱即用地支持这一点。 您所指的“
j_security_check机制”仅在基于表单的身份验证方法中使用,而您将使用摘要。这是 J2EE 教程 中的相应章节,这里是 < href="http://java.sun.com/javaee/5/docs/tutorial/doc/bncbx.html#bncck" rel="nofollow noreferrer">如何配置基本身份验证的示例 servlet(用基于摘要的方法替换它很简单)。
Servlet spec supports this out of the box. "
j_security_checkmechanism" as you refer to it is only used during form-based authentication method whereas you will be using digest.Here's a corresponding chapter from J2EE tutorial and here's an example of how to configure basic authentication for a servlet (replacing it with a digest-based method is straightforward).