blocks|key|939264|text|您可能需要编写一个Filter来检查和捕获这种情况。我喜欢this+tutorial+(希望翻译成英语是可以理解的)。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|939265|entityMap|0|LINK|mutability|MUTABLE|url|http://www.oracle.com/technetwork/java/filters-137243.html|1|http://www.microsofttranslator.com/bv.aspx?from=de&to=en&a=http://www.jsptutorial.org/content/filter^0|9|6|0|T|D|1|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]|$A|R|B|S|1|T]]|C|$]]|$1|D|3|-4|5|6|7|U|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]|L|$5|G|H|I|C|$J|M]]]]

You will probably need to write a <a href="http://www.oracle.com/technetwork/java/filters-137243.html" rel="nofollow">Filter</a> to check for and catch that case. I like <a href="http://www.microsofttranslator.com/bv.aspx?from=de&amp;to=en&amp;a=http://www.jsptutorial.org/content/filter" rel="nofollow">this tutorial</a> (hoping the translation to English is understandable).

blocks|key|939349|text|在我看来，对于RESTful服务，最好使用基于SSL的基本或摘要身份验证。其他选项包括将凭据作为有效负载的一部分，或者创建专用登录服务，该服务接受凭据并返回令牌。基于表单的身份验证不太适合RESTful服务的原因有很多种:它需要一个会话，它不使用现有的HTTP+Authorization等等。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|939350|如果需要使用AJAX调用RESTful服务，那么使用cookie进行身份验证可能是一个有效的解决方案。它们应该只影响用户是否可以发出呼叫，而不是服务器如何响应。|939351|如果您希望继续对应用程序使用基于表单的身份验证，我建议您添加一个额外的JAAS身份验证提供程序，它将处理RESTful服务身份验证。你可以阅读更多关于它的here。|offset|length|939352|另一种应该比JAAS更容易的选择是使用Spring+Security或Apache+Shiro，而不是基于容器的身份验证。Here是使用Spring+Security配置基于表单的身份验证的一个示例。这篇文章展示了一个如何使用Spring+Security进行secure+RESTful+services的例子。|939353|entityMap|0|LINK|mutability|MUTABLE|url|http://docs.oracle.com/cd/E19798-01/821-1752/gizel/index.html|1|http://www.springsource.org/spring-security|2|http://shiro.apache.org/|3|http://blog.solidcraft.eu/2011/03/spring-security-by-example-set-up-and.html|4|http://java.dzone.com/articles/securing-restful-web-service^0|0|0|25|4|0|0|J|F|1|Z|C|2|1P|4|3|3M|N|4|0^^$0|@$1|2|3|4|5|6|7|Z|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|10|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|11|8|@]|9|@$F|12|G|13|1|14]]|A|$]]|$1|H|3|I|5|6|7|15|8|@]|9|@$F|16|G|17|1|18]|$F|19|G|1A|1|1B]|$F|1C|G|1D|1|1E]|$F|1F|G|1G|1|1H]]|A|$]]|$1|J|3|-4|5|6|7|1I|8|@]|9|@]|A|$]]]|K|$L|$5|M|N|O|A|$P|Q]]|R|$5|M|N|O|A|$P|S]]|T|$5|M|N|O|A|$P|U]]|V|$5|M|N|O|A|$P|W]]|X|$5|M|N|O|A|$P|Y]]]]

In my opinion it is better to use Basic or Digest authentication over SSL for RESTful services. Other options are including the credentials as part of the payload or creating a dedicated login service, which accepts credentials and returns a token. There are various <a href="https://stackoverflow.com/questions/7099087/why-is-form-based-authentication-not-considered-restful">reasons</a> why form based authentication is less suitable for RESTful service: it requires a session, it does not use the existing HTTP Authorization and more. 
If you need to call your RESTful service using AJAX then using a cookie for authentication can be a valid solution. They should only affect if the user can make a call, but not how the server responds. 

If you would like to keep using form based authentication for your application I would suggest adding an additional JAAS authentication provider which will handle the RESTful services authentication. You can read more about it <a href="http://docs.oracle.com/cd/E19798-01/821-1752/gizel/index.html" rel="nofollow noreferrer">here</a>.

Another option, which should be easier than JAAS, would be using <a href="http://www.springsource.org/spring-security" rel="nofollow noreferrer">Spring Security</a> or <a href="http://shiro.apache.org/" rel="nofollow noreferrer">Apache Shiro</a> instead of the container based authentication.
<a href="http://blog.solidcraft.eu/2011/03/spring-security-by-example-set-up-and.html" rel="nofollow noreferrer">Here</a> is an example of configuring form based authentication with Spring Security. This post shows an example of how to <a href="http://java.dzone.com/articles/securing-restful-web-service" rel="nofollow noreferrer">secure RESTful services</a> using Spring Security.

blocks|key|4397062|text|在登录页面中|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4397063|重置JSESSIONID+cookie以防止重定向最后一页|4397064|//+login_form.jsp|4397065|Cookie+jsess+=+new+Cookie("JSESSIONID"，null)；|4397066|jsess.setMaxAge(0)；|4397067|jsess.setPath(pageContext.getServletContext().getContextPath())；|4397068|response.addCookie(jsess)；|4397069|entityMap^0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|P|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Q|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|S|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|T|8|@]|9|@]|A|$]]|$1|J|3|K|5|6|7|U|8|@]|9|@]|A|$]]|$1|L|3|M|5|6|7|V|8|@]|9|@]|A|$]]|$1|N|3|-4|5|6|7|W|8|@]|9|@]|A|$]]]|O|$]]

in your login page

reset the JSESSIONID cookie to prevent redirect last page

// login_form.jsp

Cookie jsess = new Cookie("JSESSIONID", null);

jsess.setMaxAge(0);

jsess.setPath(pageContext.getServletContext().getContextPath());

response.addCookie(jsess);

I'm going to rewrite my previous question.

Glassfish redirects after form login to the last accessed resource, how do I go about to turn this off?

Our problem is that we get 415 in FF and IE because if I have a JSESSION cookie Glassfish will redirect to the last resource I tried to access but does not switch content type from (x-form-urlencoded).

Pseudo example (requests are the browsers' XMLHttpRequest):

<pre><code>GET /secure/resouce1 (json) -&gt; Response "you're not logged in."
GET /login.xhtml
POST /j_secure (x-form-urlencoded) -&gt; New location /secure/resource1 (x-form-urlencoded)
GET /secure/resource1 (x-form-urlencoded) &lt;- HTTP ERROR 415 content type not JSON.
</code></pre>

Disable redirect to last accessed resource on form login Glassfish

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

我要重写我之前的问题。Glassfish在表单登录后重定向到上次访问的资源，我该如何关闭它？我们的问题是，我们在FF和IE中得到415，因为如果我有一个JSESSION cookie，Glassfish将重定向到我试图访问的最后一个资源，但没有从(x-form-urlencoded)切换内容类型。伪例(请求是浏览器的X...

问禁用在表单登录时重定向到上次访问的资源Glassfish
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问禁用在表单登录时重定向到上次访问的资源GlassfishEN