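Security for a RESTful web application with usernames and passwords residing in a database?

Time: 2015-10-13 08:32:13

Tags: java rest jersey-2.0

I want to provide security for my web application. I have already set up basic authentication for it. But now I want to provide a UI with options to add users and user permissions. I googled a lot but found no ideas. Could someone please help me do this? Any documentation or articles would also help me.

BASIC authentication descriptor: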

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>JerseyAuthentication</display-name>
<welcome-file-list>
    <welcome-file>login.html</welcome-file>
</welcome-file-list>
<servlet>
    <servlet-name>Application</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>jersey.config.server.provider.packages</param-name>
        <param-value>org.student.resource</param-value>
    </init-param>
    <init-param>
        <param-name>jersey.config.server.provider.classnames</param-name>
        <param-value>org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Application</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <url-pattern>/user/*</url-pattern>
        <url-pattern>/others/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>user</web-resource-name>
        <url-pattern>/user/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>others</web-resource-name>
        <url-pattern>/others/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>others</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>my-default-realm</realm-name>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <role-name>user</role-name>
</security-role>
<security-role>
    <role-name>others</role-name>
</security-role>
</web-app>

tomcat-users.xml:

 <tomcat-users >
  <user username="Murugesan" password="secret" roles="admin" />
  <user username="peeskillet"  password="superSecret" roles="user"  />
 </tomcat-users>

0 answers:

No answers
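An added example, not part of the original question: a small Python audit of the three `<security-constraint>` blocks in the web.xml above. It reports which roles the container allows for a given method and path, and which requests no constraint covers. It assumes the Servlet specification's combination rules (the longest matching path-prefix pattern applies, and roles from all constraints on that pattern and method are unioned), assumes every constraint names roles as this file does, and ignores `<http-method-omission>`; the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://xmlns.jcp.org/xml/ns/javaee"}

# Trimmed copy of the three <security-constraint> blocks from the web.xml above.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<security-constraint><web-resource-collection>
 <url-pattern>/admin/*</url-pattern><url-pattern>/user/*</url-pattern>
 <url-pattern>/others/*</url-pattern>
 <http-method>GET</http-method><http-method>POST</http-method>
 <http-method>PUT</http-method><http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint><role-name>admin</role-name></auth-constraint></security-constraint>
<security-constraint><web-resource-collection>
 <url-pattern>/user/*</url-pattern><http-method>GET</http-method>
</web-resource-collection>
<auth-constraint><role-name>user</role-name></auth-constraint></security-constraint>
<security-constraint><web-resource-collection>
 <url-pattern>/others/*</url-pattern><http-method>GET</http-method>
</web-resource-collection>
<auth-constraint><role-name>others</role-name></auth-constraint></security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return one (url_patterns, http_methods, roles) tuple per constraint."""
    out = []
    for sc in ET.fromstring(xml_text).findall("j:security-constraint", NS):
        def texts(path):
            return [e.text.strip() for e in sc.findall(path, NS)]
        out.append((texts("j:web-resource-collection/j:url-pattern"),
                    set(texts("j:web-resource-collection/j:http-method")),
                    set(texts("j:auth-constraint/j:role-name"))))
    return out

def matches(pattern, path):
    # Only path-prefix patterns ("/x/*") are handled; this file uses no others.
    return pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1]))

def allowed_roles(constraints, method, path):
    """Roles allowed for the request, or None if no constraint covers it."""
    hits = [(p, m, r) for pats, m, r in constraints for p in pats if matches(p, path)]
    best = max((len(p) for p, _, _ in hits), default=0)  # longest prefix wins
    # A collection that lists no <http-method> covers every method.
    applying = [r for p, m, r in hits if len(p) == best and (not m or method in m)]
    return set().union(*applying) if applying else None

CONSTRAINTS = load_constraints(WEB_XML)
```

Methods the constraints do not list (HEAD, OPTIONS, PATCH) and paths outside the three prefixes come back as `None`, meaning the container applies no authentication to them; a Servlet 3.1 descriptor can add `<deny-uncovered-http-methods/>` to reject the unlisted methods.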