`
Blackbaby
  • 浏览: 185087 次
  • 性别: Icon_minigender_1
  • 来自: 成都
社区版块
存档分类
最新评论

How do I use Form Authentication with Tomcat?

    博客分类:
  • java
阅读更多

   web.xml

   

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<servlet>
		<servlet-name>TestServlet</servlet-name>
		<servlet-class>test.TestServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>TestServlet</servlet-name>
		<url-pattern>/test</url-pattern>
	</servlet-mapping>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>TestServlet requires authentication</web-resource-name>
			<url-pattern>/test</url-pattern>
			<http-method>GET</http-method>
			<http-method>POST</http-method>
		</web-resource-collection>

		<auth-constraint>
			<role-name>tomcat</role-name>
		</auth-constraint>

		<user-data-constraint>
			<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

	<login-config>
                                <!-- BASIC,DIGEST,FORM,CLIENT-CERT-->
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/login.html</form-login-page>
			<form-error-page>/login-failed.html</form-error-page>
		</form-login-config>
	</login-config>
</web-app>

 

  

    注:transport-guarantee的值为CONFIDENTIAL,INTEGRAL时,需要配置ssl.

 

    login.html

 

<form method="POST" action="j_security_check">
<table>
	<tr>
		<td colspan="2">Login to the Tomcat-Demo application:</td>
	</tr>
	<tr>
		<td>Name:</td>
		<td><input type="text" name="j_username" /></td>
	</tr>
	<tr>
		<td>Password:</td>
		<td><input type="password" name="j_password"/ ></td>
	</tr>
	<tr>
		<td colspan="2"><input type="submit" value="Go" /></td>
	</tr>
</table>
</form>

 

  

    login-failed.html

   

<p>
Sorry, login failed!
</p>

 

   TestServlet.java

  

package test;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class TestServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
		response.setContentType("text/html");
		PrintWriter out = response.getWriter();

		out.println("Welcome '" + request.getRemoteUser() + "'");
		out.println("<br/><hr/>");

		Enumeration headerNames = request.getHeaderNames();
		while (headerNames.hasMoreElements()) {
			String headerName = (String) headerNames.nextElement();
			out.print("Header Name: <em>" + headerName);
			String headerValue = request.getHeader(headerName);
			out.print("</em>, Header Value: <em>" + headerValue);
			out.println("</em><br/>");
		}

		out.println("<br/><hr/>");
		out.println("<a href=\"logout.jsp\">Click here to log out</a>");
	}
}

 

  另:这种方式是验证是基于tomcat-users.xml,当然也可以继承org.apache.catalina.realm.DataSourceRealm.DataSourceRealm 

 

   说明:j_security_check正确的说应该是JAAS验证,原理是当用户在java程序中(正确的说通过JVM)通过网络或者IO的方式访问资源时,JVM会使用java.security.manager或者其他 java验证的类做代理去访问。在访问之前jvm会检验访问者是否有权访问。那么如何确认用户是否有权访问呢?jvm会通过 java.security.policy类查找授权用户的权限。

 

 

   参考:http://apps.hi.baidu.com/share/detail/963439

            http://download.oracle.com/javase/1.5.0/docs/guide/security/jaas/JAASRefGuide.html

分享到:
评论

相关推荐

    How to use SFTP

    The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client authentication, via password. In public key authentication, SSH clients and ...

    Moss2007下创建Form Authentication站点

    在MOSS 2007(Microsoft Office SharePoint Server 2007)中创建一个使用Form Authentication(表单验证)的站点,是为了提供一种非Windows集成身份验证的登录方式,适用于那些不依赖于Active Directory(AD)域服务...

    Tomcat Basic Form认证实例!

    在本文中,我们将深入探讨如何实现Tomcat服务器中的Basic Form认证。这是一项关键的安全机制,用于保护Web应用程序不受未经授权的访问。我们将会看到两种认证方式:Basic认证和Form认证,并结合配置文件进行实例讲解...

    tomcat Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability

    标题 "Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability" 指的是一个与Apache Tomcat服务器相关的安全问题。Apache Tomcat是广泛使用的开源Java Servlet容器,它实现了Java EE(现在称为...

    iPod_Authentication_Coprocessor_Spec

    ### iPod Authentication Coprocessor Specification详解 #### 一、概述 **iPod Authentication Coprocessor**是苹果公司(Apple Inc.)开发的一种专用芯片,用于在iPod和其他Apple设备之间进行安全的数据交换。此...

    tomcat7,tomcat8,tomcat9

    此外,Tomcat9还引入了新的部署特性,如自动检测应用更新,以及对Java EE 8的部分实现,比如JASPIC(Java Authentication and Authorization Service for Containers)和JAR签名验证。 在Eclipse中配置Tomcat的过程...

    iPod Authentication Coprocessor Spec 2.0C R1.rar_iOS通讯协议

    《iOS设备通讯协议详解——基于iPod Authentication Coprocessor Spec 2.0C R1》 在iOS设备的生态系统中,通信协议起着至关重要的作用,确保设备与各种服务、应用以及外部配件之间的无缝交互。这份名为“iPod ...

    pam_mysql_0.7RC1

    I set up saslauthd (of Cyrus-SASL) to use PAM-MySQL for authentication and noticed some authentication mechanisms such as CRAM-MD5 don't work. Why? PAM-MySQL is licensed under GNU Public License and ...

    Modern Authentication with Azure Active Directory for Web Applications

    现代云端网络攻防 Modern Authentication with Azure Active Directory for Web Applications (Developer Reference)

    Rails Recipes英文版(清晰文字pdf+源码)

    How do you use it effectively? How do you harness the power? And, most important, how do you get high quality, real-world applications written? From the latest Ajax effects to time-saving automation ...

    Rails Recipes英文版(随书源码)

    How do you use it effectively? How do you harness the power? And, most important, how do you get high quality, real-world applications written? From the latest Ajax effects to time-saving automation ...

    Introduction to Kubernetes

    Do you need guidelines on how to start transforming your organization with Kubernetes and cloud native patterns? Would you like to simplify software container orchestration and find a way to grow ...

    tomcat5/tomcat5.5安装包

    【标题】"Tomcat5/tomcat5.5安装包" 涵盖了两个不同版本的Apache Tomcat服务器,即Tomcat 5.0和Tomcat 5.5。Tomcat是一个开源的、免费的应用服务器,主要用于部署和运行Java Servlets和JavaServer Pages(JSP)。它...

    tomcat7源码下载

    Tomcat采用NIO(非阻塞I/O)或BIO(阻塞I/O)模型,Coyote连接器负责这部分实现。NIO模型在高并发环境下表现出色,因为它可以处理大量并发连接,而无需为每个连接创建新线程。 四、Tomcat7的部署与管理 Tomcat7...

    Webserver with Authentication

    Arduino Webserver with Authentication Sketch

    apache-tomcat-10.0.8.zip

    Apache Tomcat 软件是Jakarta Servlet、 Jakarta Server Pages、 Jakarta Expression Language、 Jakarta WebSocket、 Jakarta Annotations和 Jakarta Authentication 规范的开源实现 。 压缩包内容: apache-...

    tomcat 7 8 两个版本

    3. **NIO2**:Tomcat 8引入了Java NIO2 API,提供了更好的非阻塞I/O性能,尤其在高并发场景下。 4. **JASPIC(Java Authentication Service Provider Interface for Containers)**:提供了统一的认证服务提供商接口...

    apache-tomcat-10.0.20

    Apache Tomcat是一个开源的软件应用服务器,主要用于运行Java Servlets和JavaServer Pages(JSP)。在本案例中,我们讨论的是版本10.0.20,这是一个重要的更新,包含了性能改进、安全修复以及可能的新功能。Apache ...

    Quantum Authentication of Classical Messages with Perfect Security

    Quantum Authentication of Classical Messages with Perfect SecurityQuantum Authentication of Classical Messages with Perfect SecurityQuantum Authentication of Classical Messages with Perfect Security

    Tomcat安全验证机制

    ### Tomcat安全验证机制 #### 一、理解Tomcat安全验证机制 Apache Tomcat是一款开源的Servlet容器,它能够提供一个执行环境供Java Web应用程序运行。为了确保Web应用的安全性,Tomcat内置了一套安全验证机制,允许...

Global site tag (gtag.js) - Google Analytics