Tomcat Realm配置之JDBCRealm与UserDatabaseRealm (附BASIC、FORM认证)

Tomcat Realm配置：

1.Tomcat默认验证的配置 通过tomcat-user.xml进行验证(UserDatabaseRealm )

server.xml

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"  debug="0" resourceName="UserDatabase"/> 

<Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />

tomcat-user.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>

2.配置验证,通过数据库 (JDBCRealm)

server.xml

<Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
              driverName="com.mysql.jdbc.Driver"
              connectionURL="jdbc:mysql://localhost:3306/DBNAME"
              connectionName="name" connectionPassword="password"
              userTable="TABLE_NAME" userNameCol="COLUMN_NAME"    
              userCredCol="COLUMN_Password"
              userRoleTable="ROLE_TABLE" roleNameCol="COLUMN_ROLE" />

driverName 驱动名字

connectionURL 数据库连接url
connectionName 连接的用户名
connectionPassword 连接的密码
userTable  用户表
userNameCol 用户名列
userCredCol 密码列
userRoleTable 角色表
roleNameCol 角色名字字段


1.Basic验证
Web.xml

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Password required</realm-name>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>

获取用户登陆帐号

        String auth_user  =   null ;
        String auth  =  request.getHeader( " Authorization " );
        String encoded  =  auth.substring( 6 );
        sun.misc.BASE64Decoder dec  =   new  sun.misc.BASE64Decoder();
        String decoded  =   new  String(dec.decodeBuffer(encoded));
        String[] userAndPass  =  decoded.split( " : " ,  2 );
        auth_user  =  userAndPass[ 0 ];
        session.setAttribute(ADMIN_ID,auth_user);

2.FORM验证
1.准备login.jsp页面

< FORM name = " logonForm "   method = " post "  action = " j_security_check " >
    < input name = " j_username "  type = " text "   />
    < input name = " j_password "  type = " password "   />
    < input  type = " submit "  value = " LOGIN " />
</ FORM >

*     帐号  j_username
*     密码  j_password
*     action  j_security_check 

【内容为固定写法，不能改变】

2.配置web.xml

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>  <security-role>
    <role-name>admin</role-name>
  </security-role>

参考：http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#UserDatabaseRealm