Authorization and authentication on the web applic

2019-08-19 01:57发布

问题:

I am programming a Web-Application with Java EE, JSF, Hibernate, MySQL by using Eclipse and Apache Tomcat. I do not use Spring, EJB or etc.

I have simple login page. There are two inputs for username and password and submit button to pass values of inputs to the bean. If entries of users are matched with records in DB, then next page is opened. However, this process has a lack of security. If user enters a URL of next pages, he/she can easily skips login process without any security.

I know that my application needs authentication and authorization. I have googled these terms for three days. I learned lots of things, but I do not have found a simple solution for the application with JSF, Hibernate and worked on Apache Tomcat.

Is there any simple example that contains this kind of configuration? I do not need detailed management. Just a simple authentication (also maybe authorization).

I am really tired, please help me.

EDIT (1):

I chose "container managed authentication" as a login strategy and I develeped some code. com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'USER_NAME' in 'where clause' - container managed authentication. However, I get com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException. I hope to reach the solution, if you help me. All feedback appreciated!

EDIT (2):

I realized that "container managed authentication" has strict rules and it limits the freedom of coding. Programmer cannot write code based on requirements of application with this solution. Because of that, I implement Servlet-Filter solution which is old, but powerful, in my app. If you want to try new ones, Apache Shiro may be an option. I advise to look at the article of http://balusc.blogspot.com.tr/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html#ProgrammaticLogin

回答1:

Try using Spring security, it will allow to protect the application with authentication and authorization. See this tutorial as a starting point.