java Spring Boot 应用程序中的会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/43562675/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Session in Spring Boot application
提问by Akhilesh
My project is a springboot application with basic crud functionality with a login page using HTML and CSS only. How do I add session for login and logout
我的项目是一个具有基本 crud 功能的 springboot 应用程序,其登录页面仅使用 HTML 和 CSS。如何为登录和注销添加会话
采纳答案by Dániel Kis
It is recommended to use Spring Security.
推荐使用 Spring Security。
You can find a lot of example if you search for "spring security tutorial" in google.
如果您在谷歌中搜索“spring security tutorial”,您可以找到很多示例。
For instance it is an offical tutorial with angular js (1.x) https://spring.io/guides/tutorials/spring-security-and-angular-js/
例如,它是 angular js (1.x) https://spring.io/guides/tutorials/spring-security-and-angular-js/的官方教程
If you don't want to use spring security you have to create a http session and store the logged in user data in http session.
如果您不想使用 spring security,则必须创建一个 http 会话并将登录的用户数据存储在 http 会话中。
In spring you can inject the HttpSession to your bean and you can add session attributes, or you can create a session scoped bean.
在 spring 中,您可以将 HttpSession 注入到您的 bean 中,并且您可以添加会话属性,或者您可以创建一个会话范围的 bean。
回答by Faraz
As others have suggested, you can use Spring security. Or if you don't want to deal with the complexities of Spring Security, you can get HttpSessionobject in your controller's handlers' methods' arguments. You can set values or objects in that session using HttpSession.setAttribute("name you want to refer to", actual value or object)once a user logs in. And when a user presses logout, you can use HttpSession.invalidate();to finish the session.
正如其他人所建议的那样,您可以使用 Spring 安全性。或者,如果您不想处理 Spring Security 的复杂性,您可以HttpSession在控制器的处理程序方法的参数中获取对象。HttpSession.setAttribute("name you want to refer to", actual value or object)一旦用户登录,您就可以在该会话中设置值或对象。当用户按下注销时,您可以使用它HttpSession.invalidate();来完成会话。
回答by Derek Mwachinga
The best solution to this would be the use of Spring Security. Take a look at this: https://spring.io/guides/gs/securing-web/.
对此的最佳解决方案是使用 Spring Security。看看这个:https: //spring.io/guides/gs/securing-web/。
回答by mo sean
easy tutorial of spring web security see link hereand here
回答by Gajanan Kulkarni
Spring Security is best option for authentication and authorization. For login, if new user got logged in then you need to maintain session for particular user until logout. You can use Spring security session management.
Spring Security 是身份验证和授权的最佳选择。对于登录,如果新用户登录,那么您需要为特定用户维护会话直到注销。您可以使用 Spring 安全会话管理。
http://www.baeldung.com/spring-security-session
http://www.baeldung.com/spring-security-session
You can set UserDetails object in http.setAttribute("USER_DETAILS", userDetails);
您可以在 http.setAttribute("USER_DETAILS", userDetails); 中设置 UserDetails 对象。
(userDetails is object of UserDetails which is in built class)
(userDetails 是内置类中的 UserDetails 的对象)
You can use this httpSession object like httpSession.getAttribute("USER_DETAILS"); for manipulation further. For logout use can use httpSession.invalidate() method.
你可以像 httpSession.getAttribute("USER_DETAILS"); 一样使用这个 httpSession 对象。进一步操纵。对于注销使用,可以使用 httpSession.invalidate() 方法。
