1. Briefly describe the roles of listener, filter, and servlet in web.xml.
Listener: Listens for actions executed in the web server and makes the corresponding response according to the request.
Filter: Used for pre-processing the user's request and post-processing the server's response.
Servlet: An application running on the server that dynamically generates web pages.
2. Consult the APIs of HttpSession and HttpCookie. Are they interfaces? Objects?
javax.servlet.http Interface HttpSession is an interface.
javax.servlet.http Class Cookie is an object.
3. In your own words, describe the authentication process of the "Check authentication using Spring MVC and Handler Interceptor" program.
① The interceptor AuthenticationInterceptor intercepts the request and uses the preHandle function to determine whether the requested URI is "/sample-interc/", "/sample-interc/login.do" or "/sample-interc/login.failed". If not, the function returns true if the user is already logged in; otherwise the function returns false.
② The controller then determines whether the user name and password entered by the user are valid. If they are valid, it sets the session and redirects to the welcome page; otherwise it redirects to the login.failed page.
4. Briefly describe the process of Shiro authentication and authorization in the case.
① Call Subject.login(token) to log in. The call is automatically delegated to the SecurityManager, which must be set with SecurityUtils.setSecurityManager() before the call;
② SecurityManager is responsible for the actual authentication logic; it delegates authentication to the Authenticator;
③ Authenticator is the real authenticator, the core authentication entry point in the Shiro API, where you can plug in a custom implementation;
④ Authenticator may delegate to the appropriate AuthenticationStrategy for Realm authentication;
⑤ Authenticator passes the corresponding token to the Realm to obtain authentication information from it; if nothing is returned or an exception is thrown, authentication has failed. Multiple Realms can be configured here and will be accessed in the corresponding order and according to the strategy.
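Steps ① to ⑤ as a runnable sketch, added here as an example and not taken from the case's own code. It assumes Apache Shiro 1.x on the classpath; the class name, realm names, accounts and passwords are constructed for illustration.

```java
import java.util.Arrays;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ShiroLoginFlow {  // hypothetical class name
    // True only when at least one Realm returned authentication info for the token.
    static boolean login(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            // Step 1: Subject.login(token) is delegated to the SecurityManager.
            subject.login(new UsernamePasswordToken(user, password));
            return subject.isAuthenticated();
        } catch (AuthenticationException e) {
            // Step 5: no Realm returned info, or a Realm threw: treat as failed login.
            return false;
        }
    }

    public static void main(String[] args) {
        // Two in-memory Realms with constructed accounts (never hard-code real credentials).
        SimpleAccountRealm staff = new SimpleAccountRealm("staffRealm");
        staff.addAccount("alice", "constructed-pw-1", "admin");
        SimpleAccountRealm guests = new SimpleAccountRealm("guestRealm");
        guests.addAccount("bob", "constructed-pw-2", "viewer");

        // Steps 3 and 4: the Authenticator consults its AuthenticationStrategy
        // when more than one Realm is configured.
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());

        // Step 2: the SecurityManager owns the Authenticator and the Realms.
        // Set the Authenticator first so setRealms() hands the Realms to it.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setAuthenticator(authenticator);
        securityManager.setRealms(Arrays.<Realm>asList(staff, guests));
        SecurityUtils.setSecurityManager(securityManager);  // required before login

        System.out.println("alice ok:    " + login("alice", "constructed-pw-1"));
        System.out.println("alice admin: " + SecurityUtils.getSubject().hasRole("admin"));
        SecurityUtils.getSubject().logout();
        System.out.println("bob wrong:   " + login("bob", "wrong-password"));
    }
}
```

Catching the base AuthenticationException and reporting one generic failure keeps the caller from revealing whether the account name or the password was wrong.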
Distributed Computing (vii)--WEB authorization and authentication