tomcat容器验证(保护资源文件)
|
创建验证表单usercheck.jsp及错误处理页面error.jsp,表单的用户名文本框必须命名为j_username,密码文本框必须命名为j_password,表单的action必须为j_security_check.
2.在web.xml中的<web-app></web-app>添加如下代码: <security-role> <description>Baron'sroletologinadministrationapplication</description> <role-name>admin</role-name> </security-role> <security-constraint> <display-name>Baronsecurity-constraint!</display-name> <web-resource-collection> <web-resource-name>BaronProtectedArea</web-resource-name> <url-pattern>*.jsp</url-pattern> <url-pattern>*.htm</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>BaronRealm</realm-name> <form-login-config> <form-login-page>/usercheck.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config>
如果对所有的web资源都进行保护,则作如下修改: <url-pattern>/*<url-pattern> 如果通过控制资源访问方法进行保护,则在<web-resource-collection> </web-resource-colleciont>作如下修改: <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> 以上为基于表单的验证,如果改成基本验证(不安全),则作如下修改: <login-config> <auth-method>BASIC</auth-method> <realm-name>BaronRealm</realm-name> </login-config> 如果改成摘要验证,则作如下修改: <login-config> <auth-method>DIGEST</auth-method> <realm-name>BaronRealm</realm-name> </login-config> 3.1)通过内存域验证,即根据tomcat-user.xml文件中的定义来验证登陆信息 在tomcat-users.xml中进行如下修改,添加角色及用户 <tomcat-users> <rolerolename="tomcat"/> <rolerolename="role1"/> <rolerolename="admin"/> <userusername="tomcat"password="tomcat"roles="tomcat"/> <userusername="role1"password="tomcat"roles="role1"/> <userusername="both"password="tomcat"roles="tomcat,role1"/> <userusername="baron"password="baron"roles="admin"/> </tomcat-users> 在server.xml中的<Context></Context>中添加: <RealmclassName="org.apache.catalina.realm.MemoryRealm"/>
2)通过DataSource域验证
<Resourceauth="Container"name="jdbc/BaronDB"type="javax.sql.DataSource"/> <ResourceParamsname="jdbc/BaronDB"> <parameter> <name>factory</name> <value>org.apache.commons.dbcp.BasicDataSourceFactory</value> </parameter> <parameter> <name>url</name> <value>jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=guard</value> </parameter> <parameter> <name>password</name> <value>229</value> </parameter> <parameter> <name>maxWait</name> <value>10000</value> </parameter> <parameter> <name>maxActive</name> <value>100</value> </parameter> <parameter> <name>driverClassName</name> <value>com.microsoft.jdbc.sqlserver.SQLServerDriver</value> </parameter> <parameter> <name>username</name> <value>sa</value> </parameter> <parameter> <name>maxIdle</name> <value>30</value> </parameter> </ResourceParams>
<RealmclassName="org.apache.catalina.realm.DataSourceRealm"debug="99"dataSourceName="jdbc/BaronDB"userTable="b_users"userNameCol="user_name"userCredCol="user_password"userRoleTable="b_user_roles"roleNameCol="role_name"/> *.在web.xml中无须加入<resource-ref>声明对DataSource的引用 *.在页面中调用request.getRemoteUser()可得到当前访问的用户名 |