Java 如何在从 Mobile 客户端调用的 Spring REST Webservice 中创建和销毁会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26588310/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to create and destroy session in Spring REST Webservice called from Mobile client
提问by Pan
I have Spring REST webserivce Now from a mobile client webservice is getting called. First, login method is called for log in succes or failure based on sent value userid and password.
我有 Spring REST webserivce 现在从移动客户端 webservice 被调用。首先,根据发送的值用户ID和密码调用登录方法登录成功或失败。
@RequestMapping(value = "/login", method = RequestMethod.POST, headers="Accept=application/json")
public @ResponseBody List<LogInStatus> getLogIn(@RequestBody LogIn person , HttpServletRequest request) {
// Call service here
List<LogInStatus> lList = logInService.getUser(person);
//service method and then in DAO database method is there
return lList;
}
Now, for many other call, I need logged in user based values, so need to keep session and need to get current user.And at log out call, need to destroy session. How to do this and achieve,please help with ideas.
现在,对于许多其他呼叫,我需要登录基于用户的值,因此需要保持会话并需要获取当前用户。在注销呼叫时,需要销毁会话。如何做到这一点并实现,请帮助提供想法。
采纳答案by Vladimir
You don't need to create session manually - this is done by servlet container.
您不需要手动创建会话 - 这是由 servlet 容器完成的。
You can obtain session from HttpServletRequest
您可以从 HttpServletRequest 获取会话
HttpSession session = request.getSession();
or just add it as a method parameter, and Spring MVC will inject it for you:
或者只是将其添加为方法参数,Spring MVC 将为您注入它:
public @ResponseBody List<LogInStatus> getLogIn(@RequestBody LogIn person , HttpServletRequest request, HttpSession httpSession)
You then can save user details in session via setAttribute()/getAttribute().
然后,您可以通过setAttribute()/在会话中保存用户详细信息getAttribute()。
However, you are much better off using Spring Security, which is intended just for the task - see @Pumpkins's answer for references. SecurityContextcontains info about currently logged in principal, which you can obtain from SecurityContextHolder
但是,您最好使用 Spring Security,它仅用于该任务 - 请参阅 @Pumpkins 的答案以获取参考。SecurityContext包含有关当前登录主体的信息,您可以从SecurityContextHolder
回答by Pumpkin
You need to integrate spring security in your project and make your rest calls via authentication verifier tokens.
您需要在您的项目中集成 spring security 并通过身份验证验证器令牌进行休息调用。
You may refer to the documentation :
您可以参考文档:
http://projects.spring.io/spring-security/
http://projects.spring.io/spring-security/
Or this nice tutorial can jumpstart your implementation :
或者这个不错的教程可以快速启动您的实施:
http://www.networkedassets.com/configuring-spring-security-for-a-restful-web-services/
http://www.networkedassets.com/configuring-spring-security-for-a-restful-web-services/
