Tomcat配置Basic Authentication

Tomcat配置Basic Authentication

创建Web App

首先准备一个Tomcat环境，这里使用的Tomcat7.x。

创建一个简单的web app用来测试，这里假定使用myapp。

添加依赖库

因为需要获取用户登录的用户名和密码，所以使用了apache的commons-codec库来解码，可以从apache的网站上下载commons-codec-1.10.jar包，并放到myapp/WEB-INF/lib目录下。

配置用户/密码/角色

修改Tomcat的conf目录下的tomcat-users.xml文件，内容如下：

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="manager" password="manager" roles="manager"/>
tomcat-users>

配置web

修改myapp/WEB-INF/web.xml文件

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
  version="3.0" metadata-complete="true">

    <description>myappdescription>
    <display-name>myappdisplay-name>

    <security-constraint>
        <display-name>Security Constraintdisplay-name>
        <web-resource-collection>
            <web-resource-name>Protected Areaweb-resource-name>
            <url-pattern>/*url-pattern>
            <http-method>DELETEhttp-method>
            <http-method>GEThttp-method>
            <http-method>POSThttp-method>
            <http-method>PUThttp-method>
        web-resource-collection>
        <auth-constraint>
            <role-name>tomcatrole-name>
            <role-name>managerrole-name>
        auth-constraint>
    security-constraint>

    <login-config>
        <auth-method>BASICauth-method>
    login-config>

    <security-role>
      <role-name>tomcatrole-name>
    security-role>
    <security-role>
      <role-name>managerrole-name>
    security-role>

    <welcome-file-list>
        <welcome-file>index.jspwelcome-file>
    welcome-file-list>

web-app>

测试页面

添加一个测试页面index.jsp，内容如下：

<%@page language="java" import="java.util.*" %>
<%@page language="java" import="org.apache.commons.codec.binary.Base64" %>

<%
    Enumeration headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = (String) headerNames.nextElement();
        String headerValue = request.getHeader(headerName);
        out.println(headerName + ": " + headerValue + "
");
    }

    out.println("
");

    String authHeader = request.getHeader("authorization");
    String encodedValue = authHeader.split(" ")[1];
    out.println(new String(Base64.decodeBase64(encodedValue)));

%>

测试

使用浏览器访问http://localhost:8080/myapp/，此时会弹出一个窗口提示输入用户名和密码，使用tomcat/tomcat或者manager/manager进行登录，登录成功后页面显示如下内容，最下方是解码后的用户名和密码。

accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
accept-language: zh-Hans-CN,zh-Hans;q=0.8,en-US;q=0.5,en;q=0.3
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3)
accept-encoding: gzip, deflate
host: 192.168.0.41:8080
connection: Keep-Alive
cookie: JSESSIONID=6AE4989CC03AD16468D2686A717FAE97; jhsessionId=EE8026D614FD04F8CC825E35230DE7CB
authorization: Basic dG9tY2F0OnRvbWNhdA==

--------------------------------------------------------------------------------
tomcat:tomcat 

转载请以链接形式标明本文地址
本文地址：http://blog.csdn.net/kongxx/article/details/50911018