- 浏览: 185001 次
- 性别:
- 来自: 成都
文章分类
最新评论
-
donggongai:
Blackbaby 写道mazhi4562qq 写道moist ...
openfire集成现有系统的用户表 -
Blackbaby:
mazhi4562qq 写道moistrot 写道哥们,你集成 ...
openfire集成现有系统的用户表 -
mazhi4562qq:
moistrot 写道哥们,你集成成功了吗?我这样集成之后,登 ...
openfire集成现有系统的用户表 -
dxcsingle:
哥们 我如今也遇到这个问题 能讲哈怎么处理么?
openfire集成现有系统的用户表 -
hooktoo:
该例子有很严重的问题,java没释放内存
JNative dll回调函数使用实例
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app id="tomcat-demo" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <servlet> <servlet-name>TestServlet</servlet-name> <servlet-class>test.TestServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>TestServlet</servlet-name> <url-pattern>/test</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>TestServlet requires authentication</web-resource-name> <url-pattern>/test</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> <user-data-constraint> <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE --> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <!-- BASIC,DIGEST,FORM,CLIENT-CERT--> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/login-failed.html</form-error-page> </form-login-config> </login-config> </web-app>
注:transport-guarantee的值为CONFIDENTIAL,INTEGRAL时,需要配置ssl.
login.html
<form method="POST" action="j_security_check"> <table> <tr> <td colspan="2">Login to the Tomcat-Demo application:</td> </tr> <tr> <td>Name:</td> <td><input type="text" name="j_username" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="j_password"/ ></td> </tr> <tr> <td colspan="2"><input type="submit" value="Go" /></td> </tr> </table> </form>
login-failed.html
<p> Sorry, login failed! </p>
TestServlet.java
package test; import java.io.IOException; import java.io.PrintWriter; import java.util.Enumeration; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class TestServlet extends HttpServlet { private static final long serialVersionUID = 1L; protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("Welcome '" + request.getRemoteUser() + "'"); out.println("<br/><hr/>"); Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = (String) headerNames.nextElement(); out.print("Header Name: <em>" + headerName); String headerValue = request.getHeader(headerName); out.print("</em>, Header Value: <em>" + headerValue); out.println("</em><br/>"); } out.println("<br/><hr/>"); out.println("<a href=\"logout.jsp\">Click here to log out</a>"); } }
另:这种方式是验证是基于tomcat-users.xml,当然也可以继承org.apache.catalina.realm.DataSourceRealm.DataSourceRealm
说明:j_security_check正确的说应该是JAAS验证,原理是当用户在java程序中(正确的说通过JVM)通过网络或者IO的方式访问资源时,JVM会使用java.security.manager或者其他 java验证的类做代理去访问。在访问之前jvm会检验访问者是否有权访问。那么如何确认用户是否有权访问呢?jvm会通过 java.security.policy类查找授权用户的权限。
参考:http://apps.hi.baidu.com/share/detail/963439
http://download.oracle.com/javase/1.5.0/docs/guide/security/jaas/JAASRefGuide.html
发表评论
-
FreeMarker 模板文件 路径设置
2013-09-23 16:17 16371.freemarker 模板文件路径设置 ... -
关于JVM说明的摘要
2012-03-15 15:00 969If the JVM is launched w ... -
Disabling Certificate Validation in an HTTPS Connection
2011-12-09 13:49 1203final static HostnameVerifi ... -
[Maven]eclipse中的java项目转化成java ee项目
2011-11-22 15:25 1041mvn eclipse:eclipse -Dwtp ... -
Base62
2011-11-19 11:10 1622public class Base62 { pri ... -
poi 解析excel
2011-04-06 18:13 1381package com.synnex.web.c ... -
Ant with Maven environment
2011-02-16 14:36 939<?xml version="1.0" ... -
How can I setup my BlazeDS implementation with Log4J?
2011-01-25 16:09 926Out of box BlazeDS does no ... -
windows批处理命令执行java程序
2011-01-17 23:23 1629window auto.bat文件内容: ... -
How to specify firstDayOfWeek for java.util.Calendar using a JVM argument
2011-01-14 22:47 867Question: I'm trying t ... -
收集的工具方法
2011-01-09 23:19 854package org.codehaus.jackson.ut ... -
Creating a Thread Pool with Java
2010-12-19 22:08 1159As you can see, a thread pool i ... -
JBoss-4.2.3GA配置MySQL数据库连接池
2010-07-23 10:30 13481.将mysql的JDBC驱动放到的JBOSS_HOME\se ... -
svn插件导致eclipse崩溃
2010-06-10 10:19 1201从 http://subclipse.tigris.org/u ... -
Web 开发中的调试利器--tcptrace
2010-04-16 10:41 1007Web 开发中的调试利器--tcptrace -
Tomcat6 Support JTA with JOTM
2010-04-07 11:47 18351 jotm jars into tomcat6/lib ... -
Fire Workflow工作流脚本
2010-03-10 16:43 956Fire Workflow 中的七张表脚本: Orale: ... -
java实现类似函数式语言的map/filter功能
2010-03-02 23:13 1140http://www.jdon.com/jivejdon/th ... -
comet网站
2010-01-07 15:20 138http://www.lightstreamer.com/ ... -
jsp中pageEncoding、charset=utf8"、(request/response).setCharacterEncoding("utf8")
2009-11-26 09:22 3223原文地址:http://hi.baidu. ...
相关推荐
The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client authentication, via password. In public key authentication, SSH clients and ...
在MOSS 2007(Microsoft Office SharePoint Server 2007)中创建一个使用Form Authentication(表单验证)的站点,是为了提供一种非Windows集成身份验证的登录方式,适用于那些不依赖于Active Directory(AD)域服务...
在本文中,我们将深入探讨如何实现Tomcat服务器中的Basic Form认证。这是一项关键的安全机制,用于保护Web应用程序不受未经授权的访问。我们将会看到两种认证方式:Basic认证和Form认证,并结合配置文件进行实例讲解...
标题 "Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability" 指的是一个与Apache Tomcat服务器相关的安全问题。Apache Tomcat是广泛使用的开源Java Servlet容器,它实现了Java EE(现在称为...
### iPod Authentication Coprocessor Specification详解 #### 一、概述 **iPod Authentication Coprocessor**是苹果公司(Apple Inc.)开发的一种专用芯片,用于在iPod和其他Apple设备之间进行安全的数据交换。此...
此外,Tomcat9还引入了新的部署特性,如自动检测应用更新,以及对Java EE 8的部分实现,比如JASPIC(Java Authentication and Authorization Service for Containers)和JAR签名验证。 在Eclipse中配置Tomcat的过程...
《iOS设备通讯协议详解——基于iPod Authentication Coprocessor Spec 2.0C R1》 在iOS设备的生态系统中,通信协议起着至关重要的作用,确保设备与各种服务、应用以及外部配件之间的无缝交互。这份名为“iPod ...
I set up saslauthd (of Cyrus-SASL) to use PAM-MySQL for authentication and noticed some authentication mechanisms such as CRAM-MD5 don't work. Why? PAM-MySQL is licensed under GNU Public License and ...
现代云端网络攻防 Modern Authentication with Azure Active Directory for Web Applications (Developer Reference)
How do you use it effectively? How do you harness the power? And, most important, how do you get high quality, real-world applications written? From the latest Ajax effects to time-saving automation ...
How do you use it effectively? How do you harness the power? And, most important, how do you get high quality, real-world applications written? From the latest Ajax effects to time-saving automation ...
Do you need guidelines on how to start transforming your organization with Kubernetes and cloud native patterns? Would you like to simplify software container orchestration and find a way to grow ...
【标题】"Tomcat5/tomcat5.5安装包" 涵盖了两个不同版本的Apache Tomcat服务器,即Tomcat 5.0和Tomcat 5.5。Tomcat是一个开源的、免费的应用服务器,主要用于部署和运行Java Servlets和JavaServer Pages(JSP)。它...
Tomcat采用NIO(非阻塞I/O)或BIO(阻塞I/O)模型,Coyote连接器负责这部分实现。NIO模型在高并发环境下表现出色,因为它可以处理大量并发连接,而无需为每个连接创建新线程。 四、Tomcat7的部署与管理 Tomcat7...
Arduino Webserver with Authentication Sketch
Apache Tomcat 软件是Jakarta Servlet、 Jakarta Server Pages、 Jakarta Expression Language、 Jakarta WebSocket、 Jakarta Annotations和 Jakarta Authentication 规范的开源实现 。 压缩包内容: apache-...
3. **NIO2**:Tomcat 8引入了Java NIO2 API,提供了更好的非阻塞I/O性能,尤其在高并发场景下。 4. **JASPIC(Java Authentication Service Provider Interface for Containers)**:提供了统一的认证服务提供商接口...
Apache Tomcat是一个开源的软件应用服务器,主要用于运行Java Servlets和JavaServer Pages(JSP)。在本案例中,我们讨论的是版本10.0.20,这是一个重要的更新,包含了性能改进、安全修复以及可能的新功能。Apache ...
Quantum Authentication of Classical Messages with Perfect SecurityQuantum Authentication of Classical Messages with Perfect SecurityQuantum Authentication of Classical Messages with Perfect Security
### Tomcat安全验证机制 #### 一、理解Tomcat安全验证机制 Apache Tomcat是一款开源的Servlet容器,它能够提供一个执行环境供Java Web应用程序运行。为了确保Web应用的安全性,Tomcat内置了一套安全验证机制,允许...