1. Tomcat's default authentication configuration: users are verified against tomcat-users.xml
server.xml
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/>
tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="user"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="derek" password="dada" roles="admin,user"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="dada" roles="admin,manager"/>
</tomcat-users>
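Added example (not part of the original post): a small Python audit of a tomcat-users.xml like the one above, flagging passwords equal to the username, passwords reused across accounts, privileged roles protected by short passwords, and roles used but never declared. It assumes plaintext password attributes as on this page; PRIVILEGED and MIN_LEN are assumed local policy values, and SAMPLE reproduces the file above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

PRIVILEGED = {"admin", "manager"}  # assumption: roles treated as privileged
MIN_LEN = 12                       # assumption: local minimum password length

# Sample input: the tomcat-users.xml shown above, embedded so the script runs offline.
SAMPLE = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="user"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="derek" password="dada" roles="admin,user"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="dada" roles="admin,manager"/>
</tomcat-users>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def audit(xml_text):
    """Return sorted (username, finding) pairs for a tomcat-users.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    declared = {e.get("rolename") for e in root if local(e.tag) == "role"}
    users = [e for e in root if local(e.tag) == "user"]
    by_password = defaultdict(list)
    for u in users:
        by_password[u.get("password", "")].append(u.get("username", ""))
    findings = set()
    for u in users:
        name, pw = u.get("username", ""), u.get("password", "")
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        if pw.lower() == name.lower():
            findings.add((name, "password equals username"))
        if len(by_password[pw]) > 1:
            findings.add((name, "password shared with another account"))
        if roles & PRIVILEGED and len(pw) < MIN_LEN:
            findings.add((name, "privileged role with short password"))
        for r in sorted(roles - declared):
            findings.add((name, "undeclared role: " + r))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print("%-8s %s" % (name, finding))
```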
2. Configuring authentication through a database
(User table member: account column wno, password column password; permission table system_permit: permission column system_code)
server.xml
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="net.sourceforge.jtds.jdbc.Driver"
connectionURL="jdbc:jtds:sqlserver://192.168.56.32:1433/testDB"
connectionName="sa" connectionPassword="sa"
userTable="member" userNameCol="WNO" userCredCol="Password"
userRoleTable="system_permit" roleNameCol="system_code" />
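driverName: JDBC driver name
connectionURL: database connection URL
connectionName: user name for the connection
connectionPassword: password for the connection
userTable: user table
userNameCol: user name column
userCredCol: password column
userRoleTable: role table
roleNameCol: role name column
I. BASIC authentication: web.xml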
<security-constraint>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Password required</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
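Getting the logged-in user's account name
// JSP scriptlet: request and session are implicit objects; ADMIN_ID is a
// session-key constant defined elsewhere in the application.
String auth_user = null;
String auth = request.getHeader("Authorization");
// The header is missing, or uses another scheme, when BASIC was not used.
if (auth != null && auth.regionMatches(true, 0, "Basic ", 0, 6)) {
    // Strip the "Basic " prefix; the remainder is base64("user:password").
    String encoded = auth.substring(6).trim();
    // java.util.Base64 (Java 8+) replaces the internal sun.misc.BASE64Decoder.
    String decoded = new String(java.util.Base64.getDecoder().decode(encoded),
            java.nio.charset.StandardCharsets.UTF_8);
    // Split on the first ':' only, because the password may contain colons.
    String[] userAndPass = decoded.split(":", 2);
    auth_user = userAndPass[0];
    session.setAttribute(ADMIN_ID, auth_user);
}
II. FORM authentication
1. Prepare the login.jsp page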
<FORM name="logonForm" method="post" action="j_security_check">
<input name="j_username" type="text" />
<input name="j_password" type="password" />
<input type="submit" value="LOGIN"/>
</FORM>
* Account: j_username
* Password: j_password
* action: j_security_check
The items marked with "*" are fixed names and must not be changed.
2. Configure web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
posted on 2006-11-07 13:19
Derek.Guo