转：tomcat基本安全认证

背景：tomcat-5.5.12设置为远程服务器

 

服务端设置：

 

Step 1) 打开${tomcat_home}/conf/tomcat-users.xml

加入如下代码：

<role rolename="test"/>
 <user username="a" password="b" roles="test"/>

 

Step2)修改web.xml

<security-constraint>
            <display-name>Example Security Constraint</display-name>
            <web-resource-collection>
                <web-resource-name>Protected Area</web-resource-name>
                <!-- Define the context-relative URL(s) to be protected -->
                <url-pattern>/test/*</url-pattern>
                <!-- If you list http methods, only those methods are protected -->
                <http-method>DELETE</http-method>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
            </web-resource-collection>
            <auth-constraint>
                <!-- Anyone with one of the listed roles may access this area -->
                <role-name>test</role-name>
            </auth-constraint>
        </security-constraint>
    
        <!-- Default login configuration uses BASIC authentication -->
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>WebService Form-Based Authentication Area</realm-name>

</login-config>

对网站/test/下的任何请求采用基本安全认证

 

客户端编程：

客户端通过httpclient-2.0.2请求该url，方法如下：

HttpClient httpClient = new HttpClient();
 
Credentials defaultcreds = new UsernamePasswordCredentials("a", "b");
httpClient.getState().setCredentials("WebService Form-Based Authentication Area","www.cat.cn",defaultcreds);
 
String url = "http://www.cat.cn/test/index.do";
 
GetMethod method = new GetMethod(url);
 
method.setDoAuthentication( true ); 
 
httpClient.executeMethod(method);
 
String s = method.getResponseBodyAsString();
 
System.out.println(s);

　　

原文地址：http://blog.csdn.net/pwlazy/article/details/1662244