为Tomcat页面设置访问权限(HTTP)

web.xml:

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 4     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 5     id="WebApp_ID" version="2.5">
 6     <display-name>webAuthentification</display-name>
 7     <welcome-file-list>
 8         <welcome-file>index.html</welcome-file>
 9         <welcome-file>index.htm</welcome-file>
10         <welcome-file>index.jsp</welcome-file>
11         <welcome-file>default.html</welcome-file>
12         <welcome-file>default.htm</welcome-file>
13         <welcome-file>default.jsp</welcome-file>
14     </welcome-file-list>
15     <security-constraint>
16         <web-resource-collection>
17             <web-resource-name>admin</web-resource-name>
18             <url-pattern>/views/admin/*</url-pattern>
19         </web-resource-collection>
20         <auth-constraint>
21             <role-name>admin</role-name>
22         </auth-constraint>
23     </security-constraint>
24     <security-constraint>
25         <web-resource-collection>
26             <web-resource-name>user</web-resource-name>
27             <url-pattern>/views/user/*</url-pattern>
28         </web-resource-collection>
29         <auth-constraint>
30             <role-name>user</role-name>
31         </auth-constraint>
32     </security-constraint>
33 
34     <login-config>
35         <auth-method>FORM</auth-method>
36         <realm-name>TOMCAT FORM认证</realm-name>
37         <form-login-config>
38             <form-login-page>/views/common/login.jsp</form-login-page>
39             <form-error-page>/views/common/error.jsp</form-error-page>
40         </form-login-config>
41     </login-config>
42 
43     <security-role>
44         <role-name>admin</role-name>
45     </security-role>
46     <security-role>
47         <role-name>user</role-name>
48     </security-role>
49 </web-app>

与BASIC认证不同的主要是<login-config/>这一块,修改为FORM认证,并指定响应的登陆页面和登陆失败后的页面。

要注意登陆页面中用户名的name必须是j_username,密码的name必须是j_password,Form的action必须是j_security_check.

例子:

 1 <?xml version="1.0" encoding="GB18030" ?>
 2 <%@ page language="java" contentType="text/html; charset=GB18030"
 3     pageEncoding="GB18030"%>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 5 <html xmlns="http://www.w3.org/1999/xhtml"
 6     xmlns:f="http://java.sun.com/jsf/core"
 7     xmlns:h="http://java.sun.com/jsf/html">
 8 <head>
 9 <meta http-equiv="Content-Type" content="text/html; charset=GB18030" />
10 <title>Login Page</title>
11 </head>
12 <body>
13 <form method=post
14     action='<%=response.encodeURL("j_security_check")%>'>
15 <table border="0" cellspacing="5">
16     <tr>
17         <th align="right">Username:</th>
18         <td align="left"><input type="text" name="j_username"/></td>
19     </tr>
20     <tr>
21         <th align="right">Password:</th>
22         <td align="left"><input type="password" name="j_password"/></td>
23     </tr>
24     <tr>
25         <td align="right"><input type="submit" value="Log In"/></td>
26         <td align="left"><input type="reset"/></td>
27     </tr>
28 </table>
29 </form>
30 </body>
31 </html>

这样就ok了,在访问一个<web-resource-collection/>指定的受保护的资源时,会先跳转到登陆页面登陆,登陆失败则调整到失败页面;登陆成功则访问登陆之前的页面。

注意,如果是Eclipse集成的TOMCAT则认证总是失败,必须是启动安装的tomcat的bin/start.bat。

posted @ 2013-12-19 17:23  烟花易冷丶人心易凉  阅读(1802)  评论(0编辑  收藏  举报