I've done many sites,开发者_运维技巧 using Java, Php, etc... When I needed user management I would use HttpSession and a DB to keep passwords and eventually session data.
What's the recomended/standard way of doing this with Spring in a simple way?
There is a "sub"-project of Spring: Spring-Security. That is exactly what you need. It provides also a "jdbc-user-service" authentication provider which reads the user from a database table out of the box.
Spring Security is great when the developer wants to secure his web app. But what about creating the account? and "forgot password"?
Have a look at my answer here.
"I have implemented a JAVA project for this use case. It is open source, based on Spring-Security. A release version is on Maven-Central, so you do not need to compile it, but instead you can fetch it as maven-dependency to your project!"
<dependency>
<groupId>com.ohadr</groupId>
<artifactId>authentication-flows</artifactId>
<version>1.5.0-RELEASE</version>
</dependency>
精彩评论