将jetty url-pattern匹配到仅根目录 [英] Match jetty url-pattern to only root directory

问题描述

我只想用密码保护Jetty WebApp上下文路径中的根目录.我的上下文路径是/MyApp，所以我需要输入密码才能访问:

I would like to only password protect the root directory on my context path for a Jetty WebApp. My context path is /MyApp, so I would like to require a password for accessing:

http://localhost:8080/MyApp

但不是:

http://localhost:8080/MyApp/cometd

我当前的设置如下(请注意url模式):

My current set up is below (pay attention to the url-pattern):

<security-constraint>   
    <web-resource-collection>
        <web-resource-name>Private Page</web-resource-name>
            <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>moderator</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>
</login-config>

我希望这仅能根据/和/*的工作原理来正常工作.我还看到了我认为建议该资源的大量资源:

I would expect this to work just by nature of how / and /* work in general. I've also seen this resource which I believe is suggesting that this should pretty much work: http://www.coderanch.com/t/364782/Servlets/java/there-key-difference-between-url

但是，就我而言，网址格式:

However, for my case, the url patterns:

<url-pattern>/</url-pattern>

和

<url-pattern>/*</url-pattern>

似乎完全一样:

http://localhost:8080/MyApp 

和

http://localhost:8080/MyApp/cometd

均受密码保护.

当然，如果我更改为/nothingishere，则作为一项健全性测试，除了/MyApp/nothingishere以外，没有任何密码受保护

Of course, if I change to /nothingishere, just as a sanity test, nothing is password protected, except for /MyApp/nothingishere

有人知道如何仅保护Web Servlet的根目录吗?

Does anyone know how to only protect the root directory for web servlets?

推荐答案

以下是您的答案:

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
        version="3.0">
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <security-constraint>   
        <web-resource-collection>
            <web-resource-name>Private Page</web-resource-name>
            <url-pattern>/</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>moderator</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>   
        <web-resource-collection>
            <web-resource-name>Public page</web-resource-name>
            <url-pattern>/test/*</url-pattern>
        </web-resource-collection>        
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Test Realm</realm-name>
    </login-config>
</web-app>

在此配置中，根目录受密码保护，而/test/...目录不受密码保护.我认为这就是您要的.

In this configuration, the root directory is password protected and the /test/... directory is not. I think this is what you are asking for.

此配置在Tomcat 7+上进行了测试，并在NetBeans中从头开始创建了一个新项目(如果需要，我可以通过电子邮件将整个源代码发送给您).

This configuration is tested on Tomcat 7+ and a new project created from the beginning in NetBeans (I can email you the whole source if you need it).

这是输出:

这篇关于将jetty url-pattern匹配到仅根目录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！