如何在 Web 服务上下文中存储信息?
我使用负责用户登录的网络服务。如果登录成功,应该生成一个令牌。
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("/login")
public String login(@QueryParam("userName") String name,
@QueryParam("password") String password) {
//Spring Securtity Check
HttpResponse r =loginResponse(name,password);
String s = r.getFirstHeader("Location").toString();
boolean isError = s.contains("login_error");
if(!isError){
//TODO store Token in the application context
MD5 token = new MD5(name+System.currentTimeMillis());
return "token:"+token.getMD5();
}
return "fail";
}
我想将令牌存储在应用程序上下文中,但我不知道如何存储。只要服务器应用程序正在运行,令牌就应该存在。 Web 服务是否有自己的应用程序上下文?我应该使用某种 HTTP servlet 来存储信息吗?
I use a web service which is responsible for user logins. If a login is successful, a token should be generated.
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("/login")
public String login(@QueryParam("userName") String name,
@QueryParam("password") String password) {
//Spring Securtity Check
HttpResponse r =loginResponse(name,password);
String s = r.getFirstHeader("Location").toString();
boolean isError = s.contains("login_error");
if(!isError){
//TODO store Token in the application context
MD5 token = new MD5(name+System.currentTimeMillis());
return "token:"+token.getMD5();
}
return "fail";
}
I would like to store the token in the application context, but I don't know how. The token should exist as long as the server application is running. Does the web service have its own application context? Should I use some kind of HTTP servlet to store the information?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
将其存储在 memcached 中,使用它您可以应用一些过期策略,并且当您有超过一台服务器,存储在本地内存中会有问题,存储在
全局缓存中,比如memcached更合适。store it in memcached, using it you can apply some expiration policy, and also when you have more than one server, it will be an problem to store it in the local memory, store it in
global cachelike memcached is more apropariate.我不太明白你所说的应用程序上下文。
是ServletContext吗?您可以在 Jersey 中使用
@Context注释来获取它:@Context ServletContext。您可以将 is 作为资源中的字段或作为方法的参数。ServletContext 已启动,而 servlet 已启动。根据其配置,它可能会被 servlet 容器删除。
顺便提一句。你的设计真的很糟糕而且不安全。您使用 GET 进行登录操作,并在 url 上传递用户名和密码。这意味着几件事:
我对你的问题进行了投票,因为这是登录设计不良的一个很好的例子。
I don't quite understand what you call the application context.
Is it ServletContext? You can get it in Jersey using the
@Contextannotation:@Context ServletContext. You can get is either as a field in your resource, or as a parameter to your method.The ServletContext is up, while servlet is up. It may be removed by the servlet container depending on its configuration.
Btw. your design is really really bad and insecure. You use GET for login operation and pass both username and password on the url. This means few things:
I'm voting your question up, since it's a great example of a bad design for login.