A JAAS Example on Tomcat

Create the files login.jsp and error.jsp.

The code for login.jsp is as follows:

    <html>
      <head>
        <meta HTTP-EQUIV="Content-Type" Content="text/html; charset=gbk">
        <title>login</title>
      </head>
      <body>
        <!-- FORM login: the container itself handles the POST to j_security_check -->
        <form method="POST" action="j_security_check">
          <!-- 姓名 = name, 密码 = password, 提交 = submit -->
          姓名:<input type="text" name="j_username"/><br/>
          密码:<input type="password" name="j_password"/><br/>
          <input type="submit" value="提交"/>
        </form>
      </body>
    </html>

The code for error.jsp is as follows:
    <%@ page language="java" import="java.util.*" pageEncoding="gb2312"%>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
      <head>
        <!-- 错误页面 = error page -->
        <title>错误页面</title>
      </head>
      <body>
        <!-- 页面发生错误 = an error occurred on the page -->
        <center><h1><font color="gray">页面发生错误</font></h1></center>
      </body>
    </html>

Create a file index.jsp.

The code for index.jsp is as follows:

    <%@ page language="java" import="java.util.*" pageEncoding="gb2312"%>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
      <head>
        <!-- 主页 = home page -->
        <title>主页</title>
      </head>
      <body bgcolor="#FFFFFF">
        <%-- request.FORM_AUTH is the constant HttpServletRequest.FORM_AUTH ("FORM") --%>
        request.FORM_AUTH:<%=request.FORM_AUTH%><br/>
        <%-- getRemoteUser() returns the login name of the authenticated user --%>
        request.getRemoteUser():<%=request.getRemoteUser()%><br/>
      </body>
    </html>

Set up the configuration files.

The code for web.xml is as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>protected-resource</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>HEAD</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>role1</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <description>Role1</description>
        <role-name>role1</role-name>
      </security-role>
    </web-app>
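
Two settings in the web.xml above deserve a check before deployment: a web-resource-collection that lists <http-method> elements constrains only those methods, and transport-guarantee NONE does not require the j_username/j_password POST to travel over TLS. The following Python script is an added example, not part of the original post; the function name audit_web_xml and the embedded sample (a trimmed copy of the constraint above) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}  # namespace of the page's web.xml

# Constructed sample: the security-constraint from the web.xml above, trimmed.
SAMPLE_WEB_XML = """<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected-resource</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

def audit_web_xml(xml_text):
    """Return (resource name, finding) tuples for one web.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = root.findtext("j:login-config/j:auth-method", default="", namespaces=NS).strip()
    for sc in root.findall("j:security-constraint", NS):
        # A missing user-data-constraint behaves like NONE.
        guarantee = sc.findtext("j:user-data-constraint/j:transport-guarantee",
                                default="NONE", namespaces=NS).strip()
        for wrc in sc.findall("j:web-resource-collection", NS):
            name = wrc.findtext("j:web-resource-name", default="?", namespaces=NS).strip()
            methods = [(m.text or "").strip() for m in wrc.findall("j:http-method", NS)]
            if methods:
                # Listing methods narrows the constraint to exactly those methods.
                findings.append((name, "constraint covers only " + ",".join(methods)
                                 + "; other HTTP methods are unconstrained"))
            if auth in ("FORM", "BASIC") and guarantee not in ("CONFIDENTIAL", "INTEGRAL"):
                findings.append((name, auth + " login with transport-guarantee " + guarantee
                                 + ": credentials are not required to travel over TLS"))
    return findings

if __name__ == "__main__":
    for resource, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(resource + ": " + finding)
```

Removing the <http-method> elements makes the constraint apply to every method, and setting transport-guarantee to CONFIDENTIAL makes the container require HTTPS for the protected URLs; with both changes the script reports nothing.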
Open the file conf/tomcat-users.xml under the Tomcat directory; its contents are as follows:

    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
      <role rolename="tomcat"/>
      <role rolename="role1"/>
      <user username="tomcat" password="tomcat" roles="tomcat"/>
      <user username="role1" password="tomcat" roles="role1"/>
      <user username="both" password="tomcat" roles="tomcat,role1"/>
    </tomcat-users>

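Start Tomcat and enter the address http://localhost:8080/JAASPrj/ in the browser. What is displayed is not /web/index.html but the content of login.jsp. Enter the username and password of both or role1 and you will see the content of web/index.html; if the input is wrong, the error message is shown instead. After authentication succeeds, we can see the following:

request.FORM_AUTH:FORM

request.getRemoteUser():both // the user name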