NetBeans Tomcat Jsp mysql表单登录和会话 [英] NetBeans Tomcat Jsp mysql forms login and session

问题描述

我在Tomcat 8.0.15，MySql(带有Jconnector)，Servlet/Jsp上有一个NetBeans Web项目. 我需要安全的登录信息！

I have a NetBeans web project on Tomcat 8.0.15, MySql (with Jconnector), Servlet/Jsp. I need a secure login!!!

有一个登录页面.成功登录后，如果是admin，则servlet重定向到管理页面；如果用户名是standardUser，则servlet重定向到主页.

There is a login page. On successful login, if it is admin, servlet redirects to the admin page, if username is of a standardUser, the servlet redirects to the main page.

目前没有任何效果.该页面没有被servlet重定向，在提交按钮上按error.html并显示 response.getStatus()为0 ！！！！ 我测试了(无需登录)servlet对数据库的用户名/密码检查，并且它有效.

For now nothing works. The page is not redirected by servlet, on submit button press the error.html appears and shows response.getStatus() is 0!!! I tested(without login) servlet for username/password check against the DB and it works.

所以这是我的代码文件: login.jsp:

so Here is my code files: login.jsp:

<form id="loginForm" method="POST" action="j_security_check">
                        <input name="j_username" id="j_username" type="email" value="test.admin@test.com"></input>
                        <input name="j_password" id="j_password" type="password" value="test"></input>
                        <input id="loginSubmit" type="submit" value="Login"></input></form>

web.xml:

  <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>ProjectP.Auth</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/j_servlet_check</url-pattern>
    </servlet-mapping>
<session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>Login.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyDatabase</realm-name>
        <form-login-config>
            <form-login-page>/Login.jsp</form-login-page>
            <form-error-page>/Error.html</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Web Site Administrator</description>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <description>Stansard user</description>
        <role-name>user</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
           <web-resource-name>ProjectP</web-resource-name>
           <url-pattern>/adminpages/*</url-pattern>
           <url-pattern>/userpages/*</url-pattern>
           <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
           <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
           <web-resource-name>ProjectP</web-resource-name>
           <url-pattern>/userpages/*</url-pattern>
           <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
           <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <resource-ref>
        <description>DB Connection</description>
        <res-ref-name>MyDatabase</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
</web-app>

Context.xml:

Context.xml:

<Context antiJARLocking="true" path="/ProjectP" allowCasualMultipartParsing="true" >
    <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
               name="MyDatabase" type="javax.sql.DataSource"
               connectionURL="jdbc:mysql://localhost:3306/mydatabase" 
                   connectionName="root" connectionPassword="sa" 
                   userTable="administrators" userNameCol="username" userCredCol="password"
                   userRoleTable="userroles" roleNameCol="role"
                   auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000"/>  
</Context>

LoginServlet.java:

LoginServlet.java:

@WebServlet("/j_servlet_check/*")
@MultipartConfig
public class LoginServlet extends HttpServlet {
protected void doPost(HttpS .......
response.setContentType("text/html;charset=UTF-8"); //text/plain
if (checkLoginUser(request.getParameter("j_username"), password)) { //it works for sure, tested...
request.getSession().setAttribute( "username", username );
request.getRequestDispatcher("../admin/Administration.jsp").forward(request, response);

context.xml-是否需要领域?

Is context.xml - realm needed?

那么，如何创建安全登录名?

So, how to create a secure login?

j_security_check如何连接到MySql数据库！? -也许那是登录后显示的问题错误页面??

How j_security_check connects to my MySql database!? - maybe that' the problem error page shows after login...?

推荐答案

在context.xml中

In context.xml

<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/myDBname" allowCasualMultipartParsing="true" >
    <Realm className="org.apache.catalina.realm.CombinedRealm" >
        <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
               name="myDBname" type="javax.sql.DataSource"
               connectionURL="jdbc:mysql://localhost:3306/mydbname" 
               connectionName="root" connectionPassword="sasa" 
               userTable="administrators" userNameCol="Email" userCredCol="Password"
               userRoleTable="administrators" roleNameCol="LoginRole"
               auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000" digest="MD5"/>
        <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
               name="myDBname" type="javax.sql.DataSource"
               connectionURL="jdbc:mysql://localhost:3306/mydbname" 
               connectionName="root" connectionPassword="sasa" 
               userTable="users" userNameCol="Email" userCredCol="Password"
               userRoleTable="users" roleNameCol="LoginRole"
               auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000" digest="MD5"/>
    </Realm>               
</Context>

web.xml

<resource-ref>
    <description>DB Connection</description>
    <res-ref-name>myDBname</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>myDBname</realm-name>
    <form-login-config>
        <form-login-page>/pages/Login.jsp</form-login-page>
        <form-error-page>/pages/Error.jsp</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>Administrator</description>
    <role-name>admin</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
       <web-resource-name>myDBname</web-resource-name>
       <url-pattern>/pages/admin/*</url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
       <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
       <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<welcome-file-list>
    <welcome-file>pages/home.jsp</welcome-file>
</welcome-file-list>

将mysql-connector-java-5.1.23-bin.jar复制到C:\ Program Files \ Apache Software Foundation \ Apache Tomcat 8.0.15 \ lib

Copied mysql-connector-java-5.1.23-bin.jar into C:\Program Files\Apache Software Foundation\Apache Tomcat 8.0.15\lib

我还使用<%= request.getContextPath() %>以便将资源连接到页面

I also use <%= request.getContextPath() %> in order to connect resources to pages

<link href="<%= request.getContextPath() %>/resources/styles/main.css" rel="stylesheet" type="text/css"/>

要使用MD5哈希存储密码的Java代码:

Java code To store password using MD5 hash:

String passwordHash = org.apache.catalina.realm.RealmBase.Digest(password, "md5", "utf-8");

然后将passwordHash写入数据库...

And write the passwordHash to the database...

这篇关于NetBeans Tomcat Jsp mysql表单登录和会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！