Spring Security:关于表单中的名称 j_username 和 j_password
您好,我正在阅读这本关于 Spring Security 的书。它讨论了具体名称 j_username 和 j_password 。
The form field names are specified by UsernamePasswordAuthenticationFilter
itself, and take their cue from the Java EE Servlet 2.x specification (in section
SRV.12.5.3), which requires that login forms use these specific field names, plus
the special form action j_security_check. This design pattern was intended to
allow authors of Java EE servlet-based applications to tie into the servlet container's
security configuration in a standard way.
我无法理解上面的说法。这个“这个设计模式的目的是什么? 允许基于 Java EE servlet 的应用程序的作者绑定到 servlet 容器 以标准方式进行安全配置”是什么意思?
Hi I am reading this book on Spring Security . It talks about the specific names j_username and j_password .
The form field names are specified by UsernamePasswordAuthenticationFilter
itself, and take their cue from the Java EE Servlet 2.x specification (in section
SRV.12.5.3), which requires that login forms use these specific field names, plus
the special form action j_security_check. This design pattern was intended to
allow authors of Java EE servlet-based applications to tie into the servlet container's
security configuration in a standard way.
I am not able to understand the above statement . What does this "This design pattern was intended to
allow authors of Java EE servlet-based applications to tie into the servlet container's
security configuration in a standard way" mean ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于这些表单字段名称是 servlet 规范的一部分,该规范作者的意图是您可以更换底层安全提供程序(例如,从 Spring Security 迁移到 Java EE 应用程序服务器的安全基础设施),而无需进行任何更改更改为登录表单字段名称。
然而,这在实践中是否有效是一个完全不同的故事;)
-- Peter(作者,Spring Security 3(书))
Since these form field names are part of the servlet specification, the intention of the authors of the specification was that you could swap out the underlying security provider (e.g. move from Spring Security to a Java EE application server's security infrastructure) without requiring that any change be made to the login form field names.
Whether or not this works in practice, however, is an entirely different story ;)
-- Peter (Author, Spring Security 3 (book))