代码下载 http://www.blogjava.net/Files/zhaochengming/tomcat.rar
1. 给tomcat中manager添加一个Filter
注manager路径为tomcat/server/webapps/manager
package com;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class SecuritFilter implements Filter{
private FilterConfig config = null;
public void destroy() {
this.config = null;
}
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
try {
//获得验证信息
Object obj = doBackCheck(arg0,arg1);
if (obj.equals(true))
arg2.doFilter(arg0, arg1);
else
System.out.println(obj);
} catch (Exception e) {
e.printStackTrace();
}
}
public void init(FilterConfig arg0) throws ServletException {
this.config = arg0;
}
private Object doBackCheck( ServletRequest arg0, ServletResponse arg1 ) throws Exception {
//获得传过来的key
String key = arg0.getParameter("key");
//回调的路径
String backURL = arg0.getParameter("backURL");
URL url = new URL(backURL);
URLConnection con = url.openConnection();
con.setUseCaches(true);
con.setDoOutput(true);
con.setDoInput(true);
con.setRequestProperty("Content-type", "application/octest-stream");
con.setRequestProperty("Content-length", "" + -1);
ObjectOutputStream dataout = new ObjectOutputStream(con.getOutputStream());
List<Object> list = new ArrayList<Object>();
list.add("checkSecurityNo");
list.add(key);
dataout.writeObject(list);
dataout.flush();
dataout.close();
ObjectInputStream in = new ObjectInputStream(con.getInputStream());
Object obj = in.readObject();
in.close();
return obj;
}
}
2. 修改manager的web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>Tomcat Manager Application</display-name>
<description>
A scriptable management web application for the Tomcat Web Server;
Manager lets you view, load/unload/etc particular web applications.
</description>
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.SecuritFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Define the Manager Servlet
Change servlet-class to: org.apache.catalina.servlets.HTMLManagerServlet
to get a Servlet with a more intuitive HTML interface, don't change if you
have software that is expected to parse the output from ManagerServlet
since they're not compatible.
-->
<servlet>
<servlet-name>Manager</servlet-name>
<servlet-class>org.apache.catalina.manager.ManagerServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>HTMLManager</servlet-name>
<servlet-class>org.apache.catalina.manager.HTMLManagerServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>Status</servlet-name>
<servlet-class>org.apache.catalina.manager.StatusManagerServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>JMXProxy</servlet-name>
<servlet-class>org.apache.catalina.manager.JMXProxyServlet</servlet-class>
</servlet>
<!-- Define the Manager Servlet Mapping -->
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/list</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/sessions</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/start</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/stop</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/install</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/remove</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/deploy</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/undeploy</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/reload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/save</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/serverinfo</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/roles</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Manager</servlet-name>
<url-pattern>/resources</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Status</servlet-name>
<url-pattern>/status/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JMXProxy</servlet-name>
<url-pattern>/jmxproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HTMLManager</servlet-name>
<url-pattern>/html/*</url-pattern>
</servlet-mapping>
<!-- Define reference to the user database for looking up roles -->
<resource-env-ref>
<description>
Link to the UserDatabase instance from which we request lists of
defined role names. Typically, this will be connected to the global
user database with a ResourceLink element in server.xml or the context
configuration file for the Manager web application.
</description>
<resource-env-ref-name>users</resource-env-ref-name>
<resource-env-ref-type>
org.apache.catalina.UserDatabase
</resource-env-ref-type>
</resource-env-ref>
</web-app>
3. 建立一个web项目tomcat
添加1个验证的CheckServlet
添加1个调用manager的ServletA
publicclass CheckServlet extends HttpServlet {
privatestaticfinallongserialVersionUID = 1L;
@Override
protectedvoid service(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
ObjectInputStream ois = new ObjectInputStream(request.getInputStream());
response.setContentType("application/octest-stream");
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream out = new ObjectOutputStream(baos);
try {
out.writeObject(getResult((List) ois.readObject()));
} catch (Exception e) {
e.printStackTrace();
out.writeObject(null);
}
byte buf[] = baos.toByteArray();
response.setContentLength(buf.length);
ServletOutputStream servletout = response.getOutputStream();
servletout.write(buf);
servletout.close();
}
private Object getResult(List list) throws Exception {
String act = (String)list.get(0);
//如果是验证安全信息
if (act.equalsIgnoreCase("checkSecurityNo")) {
String sercurityNo = (String)list.get(1);
if (sercurityNo.equals(ServletA.SECURITY_NO))
returnnew Boolean(true);
else
returnnew Boolean(false);
}
returnnull;
}
}
publicclass ServletA extends HttpServlet {
publicstatic String SECURITY_NO = UUID.randomUUID().toString();
public ServletA() {
super();
}
publicvoid destroy() {
super.destroy();
}
publicvoid doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String url = request.getRequestURL().toString();
String projectName = request.getRequestURI().split("/")[1];
String serveltName = this.getServletName();
String serverHost = url.split(projectName)[0];
String act = request.getParameter("act");
if (act.equals("reload") || act.equals("stop")) {
this.SECURITY_NO = UUID.randomUUID().toString();
url = serverHost+"/manager/"+act+"?path=/"+projectName;
url += "&backURL="+URLEncoder.encode(serverHost+"/"+projectName+"/CheckServlet", "utf-8");
url += "&key="+this.SECURITY_NO;
URL u = new URL(url);
URLConnection con = u.openConnection();
InputStream is = con.getInputStream();
is.close();
}
}
publicvoid doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out
.println("<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 4.01 Transitional//EN"">");
out.println("<HTML>");
out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
out.println(" <BODY>");
out.print(" This is ");
out.print(this.getClass());
out.println(", using the POST method");
out.println(" </BODY>");
out.println("</HTML>");
out.flush();
out.close();
}
publicvoid init() throws ServletException {
}
}
4. 调用的时候访问/tomcat/Servlet?act=reload
放SecurityFilter的时候在manager的WEB-INF下建立一个classes文件夹,把这个文件保存为classes/com/SecurityFilter.class就可以了
</script>