春天 + GWT 项目 - 对每个用户操作执行处理程序
我是 Spring、GWT 甚至 Java World 的新人。所以要有耐心。我们有一个相对较大的项目,其中一个使用了 Spring、GWT、Hibernate 和 Signal-Com Inter-Pro(用于 html 表单签名的俄罗斯解决方案,以保护已识别的客户端)。
因此,现在当用户尝试登录系统时,它会从 http 标头中读取证书 s/n,并与数据库中的 s/n 进行比较。如果它们相等,则用户可以使用系统。否则,通知用户和安全管理员。
我当前的任务是将此检查添加到每个用户操作中,即 GWT 按钮单击、切换到下一个视图等。有没有地方可以组织这样的测试?
技术信息: 登录表单已重定向到特殊页面
final FormPanel form = new FormPanel();
form.setAction(GWT.getModuleBaseURL() + "checkCertificate.htm");
接下来,checkCertificate.htm 在dispatcher-servlet.xml 中有映射:
bean name="/base_dir/checkCertificate.htm" class="...CheckCertificateController">
property name="checkSignature" ref="checkSignature"/>
/bean
All necessary certificate actions are implemented in public class CheckCertificateController extends AbstractController {
protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
...
}
当用户单击登录按钮时调用。
I'm new one in Spring, GWT and even Java World. So be patient. We have relatively big project, which one used Spring, GWT, Hibernate and Signal-Com Inter-Pro (Russian solution for html form signing to secure identified clients).
So now when user tried to log in into system, it read certificate s/n from http headers, compare with s/n from database. If they are equal, user can work with system. Otherwise, notify user and security administrator.
My current task is to add this check to every user action, i.e. GWT button click, switching to next view and so on. Is there a place where you can organize such a test?
TECH INFO:
Login form have redirect to special page
final FormPanel form = new FormPanel();
form.setAction(GWT.getModuleBaseURL() + "checkCertificate.htm");
Next, checkCertificate.htm have mapping in dispatcher-servlet.xml:
bean name="/base_dir/checkCertificate.htm" class="...CheckCertificateController">
property name="checkSignature" ref="checkSignature"/>
/bean
All necessary certificate actions are implemented in
public class CheckCertificateController extends AbstractController {
protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
...
}
which is called when user click login button.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我们有一个 Servlet 过滤器,每次用户需要数据库中的任何信息时,它都会执行安全检查。
尽管这与对每个用户操作执行检查不太一样,但它对我们来说非常有效。
或者,您可以设置常规的 重复命令 它将按特定时间间隔进行检查并锁定用户如果他们的序列号无效。
We have a Servlet Filter which performs a security check each time the user needs any information from the database.
Although that's not quite the same as performing a check with each user action, it works pretty effectively for us.
Alternatively you could set up a regular repeating command which would check at specific intervals and lock the user out if their serial number was invalid.