问题
Hi I am look for a proven java security web-library which is a bit more low-level and therefore less intrusive than the well known frameworks spring-security and apache shiro.
Just something which has best-practive utility-apis for example to encode a remember-me cookie or for dighest authentication, accessing ldap. All the sutff which is so useful in the above frameworks but without needing to follow the frameworks filters and indriections an application-context or yet another ini file etc.
回答1:
Well, you can always use the HttpServletRequest.login() method or j_security_check and implement an auth manager beneath it for your particular server, that's pretty much the default & low level standard thing... Your only real other choice is, as you mentioned, security frameworks.
回答2:
Have a look at the Apache Shiro project it does a lot more then the standard libraries, and makes it really easy.
回答3:
If you don't want to use either of one, use container-managed security which both Tomcat and Jetty provide.
来源:https://stackoverflow.com/questions/6840986/any-library-for-authentication-in-a-java-web-app