编写好了JAVA WEB,想像桌面软件那样,第一次使用的时候需要输入一个key,验证通过则能使用整个系统,否则就无法访问任何页面。
key可以包含授权使用时长,比如1个月。
没有输入正确的key,则无论访问什么url路径,都会跳转到输入key的页面(和用户的登录页面一样)
请问这该怎么实现?
阿神2017-04-18 09:58:35
Simply speaking, there are two types
Generate key based on the other party’s machine.
Just implement an encryption method yourself. (Algorithms such as summary algorithms that do not require inverse solutions are sufficient)
Then obtain the main hardware of the computer where the project is deployed, such as the motherboard, network card, hard drive, etc., use these data to calculate a value in the project, and fill it in with the user If the entered keys are relatively the same, the formal project will be started. If they are different, you will be prompted to fill in the key. mac地址
As for how to obtain the other party's hardware information, it's up to you. For example, just ask the comrade who deployed the project to send it back to you, and then you use that calculation to calculate a key and send it back.
For example, build another web service, use this machine to generate a batch
and distribute it. Then after the project is started, first request this server to perform the verification. The server will verify whether the key exists, whether it has been used, and send the used one. Is the key machine the same machine as the first activation? (Just use the same irreversible algorithm) UUID
Or even simpler, use a pseudo-random algorithm (reversible algorithm). A batch of keys can be calculated based on the seed, and the seed can be decoded for each key.
Decrypt the input key when the project is started to determine whether it is the seed.
伊谢尔伦2017-04-18 09:58:35
The premise is that you have already given this key
to the customer through other means.
Verify whether the access is illegal through strong verification such as cookie
判断是否已经登陆,如果验证比较严谨,你这种按授权来的也可以加些ip
地址,mac
address, after all, your customer base is probably not the general public.
The authorized usage period, you said it is calculated on a one-month basis, and some advanced customers may calculate it on a half-year basis, so this is decided when generating.
You can use redis
to store your For this redis
存储你的这个key
,可以设置过期时间,每次访问从cookie
取key
(多数是要加密的),根据key
可以去redis
, you can set the expiration time, and get
cookie
for each visit (most of them need to be encrypted). According to redis
to get the remaining authorization time.
springmvc
高洛峰2017-04-18 09:58:35
I don’t know how your key and user are bound. It should be the user's unique identifier. The unique identifier and key of the matching user can be stored in the database or cache to determine whether the user has permission. As for page jumps, a filter is enough.
阿神2017-04-18 09:58:35
You can generate a secret key after logging in successfully, store it in a cookie and set the cookie expiration date. Verify it every time you refresh the web page. This is a relatively simple method
怪我咯2017-04-18 09:58:35
In the absence of other external certificates, what is the difference between the subject's requirement and "record the login status for a period of time after logging in using the username and password"?
阿神2017-04-18 09:58:35
Thank you for your replies, but I'm sorry that I can only accept one answer.