Architecture mode in the web development framework (5)

zhaozj2021-02-16 68

User identity confirmation Authentication and Authorize Authorization

When the web user accesses the protected resources on the web server, it is usually necessary to pass through two steps. (Extracted from .NET framework document)

1. User identity confirmation Authentication

Make sure the user is not a fake. The application obtains the credentials of the user (various forms of identity, such as user name and password) and verify those credentials through certain licensing agencies. If these credentials are valid, the entity submitted to these credentials is considered as identified by authentication.

2. Authorize Authorization

Access access is restricted by granting or rejecting specific permissions for verified identity.

The resource protection strategy of the ASP.NET and Java web framework follows this model: corresponding to the protected resources, define a set of roles, users, and allowed operations. Operation is called http-method in the Java web framework, called VERB in ASP.NET, which represents HTTP methods such as HTTP GET, HTTP POST.

According to the servlet2.4 specification, the Login Form for the web page of the Java Web framework should be written in accordance with the following case. Note that the value of the Form's Action property should be j_security_check.

ASP.NET server-side configuration file Web.config example. (8)

The following example is extracted from the .NET framework document.

Loginurl = "/ login.aspx"

DecryptionKey = "1! # $$ * 13 ^">

...

Server-side configuration file for the Java web framework Web.xml.

The following example is extracted from the servlet2.4 specification. The roles, users, and allowable operations corresponding to the protected resource are defined in the and section.

XMLns: xsi = "http://www.w3.org/2001/xmlschema-instance"

XSI: schemAlocation = "http://java.sun.com/xml/ns/j2ee http: //

Java.sun.com/xml/ns/j2ee/web-app_2_4.xsd "Version =" 2.4 ">

a secure application

Catalog

com.mycorp.catalogservlet

Catalog

Spring

MGR

Manager

manager

Catalog

/ catalog / *

SalesInfo

/ salesinfo / *

get

pos

manager

Confidential

SOAP Web Service

The .NET Framework and Apache Axis project provide SOAP implementation of Web Service. The basic model used is as follows.

Implement SOAP XML data to the binding of the application object via XML serialization; XML serialization (and reverse sequence) occurs in the server and customer segment; XML data and application object Object mapping rules are, Object maps to an XML The "property" member of the Object is mapped to the sub-elements of the XML element.

Java and C # both support the REFLECTION mechanism, which can determine the type of Object at runtime. However, some subtle differences: "property" (property) of the Java object is not a type, but a conform to getxxx, setxxx form; "Property" in the C # object is a kind of internally declared Type; also, C # supports attribute, such as [SOAPELEMENT], [XMLELEMENT], [WebMethod], [SOAPCMETHOD] and other properties. Therefore, the XML sequence definition of the C # object is more stringent.

In addition, the set classes of the two languages also have differently, for some special set classes, such as HashTable, there is incompatible situation, so it is best to send an array type to ensure that SOAP Web Service developed by different languages can use each other.

SOAP supports several array types, with two array types - multi-dimensional array and composite arrays, here you explain. Multidimensional arrays refer to a neat array of 3 lines 4 columns such as 3 * 4, and C # language supports this multi-dimensional array. The Java language does not support this multidimensional array; the composite array is an array of index groups, ie the elements of array, ie array elements. This group, C # language, and Java languages support this composite array. However, the composite array can also be used to represent the multi-dimensional array, such as the number of elements of the composite array, an array of element types having a size of 4, can be used to represent a neat array of 3 lines 4 columns in 3 * 4.

转载请注明原文地址:https://www.9cbs.com/read-23534.html

9cbs

New Post(0)