j_security_check 与编程安全性

发布于 2024-11-03 10:12:02 字数 254 浏览 5 评论 0原文

我正在使用 jsf、ejbs 和 jpa 构建一个 Web 应用程序。 我目前使用基于表单的 j_security_check 来处理身份验证。

我需要实现对 cookie 的支持,即“记住我”选项。 我还想防止暴力攻击。即在5次登录失败后锁定某个用户。

我知道另一种选择是使用 ServletFilters 等以编程方式执行此操作。

有没有什么方法可以使用 j_security_check 实现所有这些?或者我应该切换回以编程方式执行此操作?

I'm building a Web application using jsf, ejbs and jpa.
I currently use form based j_security_check to handle authentication.

I need to implement support for cookies ie "Remember me" option.
Also I want to prevent brute force attacks. ie Lock a certain user after 5 failed logons.

I understand that the other option will be to do it programmatically using ServletFilters etc.

Is there any way of implementing all these Using j_security_check? or should I just switch back to doing it programmatically?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

森林迷了鹿 2024-11-10 10:12:02

这必须是围绕 j_security_check 的自定义实现。您可以使用 j_security_check 附加 servlet 过滤器

<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/j_security_check</url-pattern>
</filter-mapping>

在 SecurityFilter 中,安全检查返回 userPrincipal 后,在会话中设置更多详细信息并继续。但如果 userPrincipal 为 null,则从数据库中获取失败计数,并将失败消息(包括失败计数)放入会话中,该消息可以显示在登录页面中。

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {

    Principal userPrincipal = null;
            String username = httpServletRequest.getParameter("j_username");
    String rememberme = httpServletRequest.getParameter("rememberme");
    chain.doFilter(request, response);
    userPrincipal = httpServletRequest.getUserPrincipal();

Remember me 必须在 cookies 中设置,变量“rememberme”的值将在 j_security_check 完成后可用。根据登录成功或失败,可以设置cookie。

This has to be custom implementation around j_security_check. You can attach a servlet filter with j_security_check

<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/j_security_check</url-pattern>
</filter-mapping>

In the SecurityFilter, after security check returns userPrincipal, set further details in session and continue. But if userPrincipal is null, fetch the fail count from database and put the failure message (including fail count) in session, which can be displayed in login page.

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {

    Principal userPrincipal = null;
            String username = httpServletRequest.getParameter("j_username");
    String rememberme = httpServletRequest.getParameter("rememberme");
    chain.doFilter(request, response);
    userPrincipal = httpServletRequest.getUserPrincipal();

Remember me has to be set at cookies and the value of the variable "rememberme" will be available after the j_security_check is completed. Based upon success or failure in login, cookie can be set.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文