Tomcat 7的形式根据鉴别 [英] tomcat 7 Form based authentification
问题描述
给出一个Servlet HelloServlet:
given a Servlet HelloServlet:
@WebServlet("/HelloServlet")
public class HelloServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Default constructor.
*/
public HelloServlet() {
// TODO Auto-generated constructor stub
}
@Override
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
System.out.print("hello my Friend: " + request.getRemoteUser());
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("This is the Test Servlet");
Enumeration headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String headerName = (String) headerNames.nextElement();
out.print("<br/>Header Name: <em>" + headerName);
String headerValue = request.getHeader(headerName);
out.print("</em>, Header Value: <em>" + headerValue);
out.println("</em>");
}
}
....
}
在web.xml中声明的tomcat的安全策略:
with a declared tomcat security policy in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>my application</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-failed.jsp</form-error-page>
</form-login-config>
</login-config>
和在CONF / Tomcat的users.xml中Tomcat的角色定义
and tomcat-roles definitions in conf/tomcat-users.xml
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
在server.xml中的境界是:
the realm in "server.xml" is:
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
,我试图与本地主机URL来访问这个ServletHelloServlet/ jsfWorkgroup / HelloServlet。
,I tried to access the Servlet "HelloServlet" with url localhost/jsfWorkgroup/HelloServlet.
像预期的那样,我是(重新)定向到登录页面:
like expected, I am (re)directed to the login-page:
<form method="POST" action="j_security_check">
<table>
<tr>
<td colspan="2">Login to the Tomcat-Demo application:</td>
</tr>
<tr>
<td>Name:</td>
<td><input type="text" name="j_username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password"/ ></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Go" /></td>
</tr>
</table>
</form>
无论ID令牌我使用的:
No matter which id-Token I used:
- 用户名:tomcat的内容从此开始:tomcat的
- 用户名:无论内容从此开始:tomcat的
我还是走到了失败/login-failed.jsp。
I still come to the failure /login-failed.jsp.
下面是我对这样的:tomcat的行为对我重定向到登录页面,但不读通过conf / tomcat的-users.xml中为有效我的登录(即使经过多次重新启动)。
here is my take on this: tomcat acts on redirect me to the to login page, but does not read the conf/tomcat-users.xml to valid my login(even after several reboots).
你有什么感想呢?
配置:Tomcat的7.0.23,Eclipse的靛蓝
configuration: Tomcat 7.0.23, Eclipse-Indigo
推荐答案
下面以@命题PD40我试过的例子/ JSP /安全/保护/例子,但不是在Eclipse IDE Tomcat所在通常与其他一起嵌入服务器(Glassfish的,JBoss的,等..),而我开始Tomcat服务器作为独立(在/ bin目录下)..有它的作品。
following to proposition of @pd40 I tried the examples/jsp/security/protected/ examples but not in the Eclipse IDE where Tomcat is usually embedded along with the other servers (Glassfish, JBoss, ect..) , rather I started the tomcat server as standalone (in its /bin directory) .. and there it works.
,但是当它的attemped运行安全基于在Tomcat的Eclipse内Web的应用程序,它再次失败,即使使用上述结构
but when it's attemped to run security based Web-application in Tomcat within Eclipse, it failed again, even using the configuration described above.
当Tomcat运行Eclipse之外,我不知道如果我是正确的,但网络应用程序安全性时,才支持。
I don't know if I am right but Web-Application Security is only supported when tomcat runs outside of eclipse..
这篇关于Tomcat 7的形式根据鉴别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
