Scala web application security

Posted on 2024-10-30 09:52:18

What are good framework choices for web security in a Scala web application? We would like to try out Scala web development, but couldn't yet find good Scala web app security frameworks.

From the Java side I know at least Spring Security and Apache Shiro.

Do you have experience with Scala web app security frameworks or with Spring Security / Apache Shiro in a Scala context?

Comments (2)

末蓝 2024-11-06 09:52:18

Lift has security baked in as described here by David Pollak, the author of Lift.

美人如玉 2024-11-06 09:52:18

I used Spring Security in a small Scala web application. I created it as I started to learn Scala and I tried to use a complete Java stack: Spring MVC + Spring + Spring Security + Hibernate + BlazeDS (I also used Flex in this project for the frontend). Now I can tell that it was a really nice and positive experience. Generally the question is how well Scala integrates with Spring and Hibernate. I had to use @BeanProperty or @BeanInfo and Java collections in entities.

But I have not faced any real issues from the Spring Security side. It was working as expected. I can remember only one minor issue with Spring AOP: service classes were publishing their methods through BlazeDS to the Flex application. I also secured them with Spring Security's object ACLs (with <security:intercept-methods /> and <security:protect />). All this stuff, of course, is possible because of AOP magic. So I noticed this weird Spring AOP behavior: if your class implements some interfaces, then it will use JDK's proxies to implement them and delegate all calls to the target, but if the class does not implement any interfaces, then it will use cglib to extend your class and delegate each method call. The problem is that my public service classes do not implement any interfaces, but AOP was not working properly. The reason is the ScalaObject interface that is implemented by all Scala classes. So I created new traits for all public services in order to solve this problem (I have not found any way to configure Spring AOP; it seems that this behavior is hardcoded).

So as you can see it's not a problem to use Spring Security with Scala. I believe that it should be even easier to use Apache Shiro because it claims to be completely container or environment independent (I heard that it's possible to use Spring Security outside Spring, but I also heard that it's pretty painful). Generally in Scala you can achieve everything you can in Java. The question is how pretty/idiomatic/pure/side-effect-free the resulting code would be.

By the way, there is a new project that integrates Lift with Apache Shiro: lift-shiro. Here you can also find a small blog post about it.

Hope this helps.
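
The interface-based proxying described in the answer above, modelled with plain java.lang.reflect.Proxy as an added example (not code from the original post and not Spring or Spring Security code). `Marker`, `AccountService`, `BareService`, `TraitService`, `Guard` and `ProxyDemo` are hypothetical names; `Marker` stands in for the method-less interface role the answer attributes to ScalaObject, and `Guard` stands in for a method-security interceptor.

```scala
import java.lang.reflect.{InvocationHandler, Method, Proxy}

// Hypothetical method-less interface: the role the answer gives ScalaObject.
trait Marker
// Hypothetical service trait: the workaround the answer describes.
trait AccountService { def balance(id: String): Int }

class BareService extends Marker { def balance(id: String): Int = 42 }
class TraitService extends AccountService with Marker {
  def balance(id: String): Int = 42
}

// Stand-in for a method-security interceptor (not Spring Security code).
class Guard(target: AnyRef, authorized: Boolean) extends InvocationHandler {
  override def invoke(proxy: AnyRef, m: Method, args: Array[AnyRef]): AnyRef = {
    if (!authorized) throw new SecurityException(s"denied: ${m.getName}")
    if (args == null) m.invoke(target) else m.invoke(target, args: _*)
  }
}

object ProxyDemo {
  // Interface-based proxy: it implements the target's interfaces only.
  def secure(target: AnyRef, authorized: Boolean): AnyRef =
    Proxy.newProxyInstance(target.getClass.getClassLoader,
      target.getClass.getInterfaces, new Guard(target, authorized))

  // True when the guarded call is rejected by the interceptor.
  def denied(svc: AccountService): Boolean =
    try { svc.balance("acct-1"); false }
    catch { case _: SecurityException => true }

  def main(args: Array[String]): Unit = {
    // Only Marker is proxied, so balance() is not reachable through the
    // proxy and the proxy cannot be used where BareService is expected.
    val bare = secure(new BareService, authorized = false)
    assert(bare.isInstanceOf[Marker] && !bare.isInstanceOf[BareService])

    // With a trait that declares balance(), every call crosses the Guard.
    val blocked = secure(new TraitService, authorized = false)
    assert(denied(blocked.asInstanceOf[AccountService]))
    val allowed = secure(new TraitService, authorized = true)
    assert(allowed.asInstanceOf[AccountService].balance("acct-1") == 42)
    println("interface-based proxy guards only interface methods")
  }
}
```

When method-level access control is applied through proxies, a check like the one in `main` (call a protected method as an unauthorized caller and expect a denial) confirms that the interceptor is actually on the call path.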
