tomcat配置摘要认证
学习范例
tomcat自带了一套管理程序,使用的是BASIC认证,与Digest认证的设置基本一致。无论是basic还是digest,设置过程基本一致,在conf/server.xml中添加realm数据源,在{project}/WEB-INF/web.xml中添加 security-constraint 和 login-config属性
下面进行digest的设置说明
数据库配置
create table users (
user_name varchar(15) not null primary key,
user_pass varchar(15) not null
);
create table user_roles (
user_name varchar(15) not null,
role_name varchar(15) not null,
primary key (user_name, role_name)
);
建好表后添加几条数据
INSERT INTO `users` (`user_name`, `user_pass`) VALUES ('test', 'tomcat')
INSERT INTO `users` (`user_name`, `user_pass`) VALUES ('test01', 'tomcat')
INSERT INTO `user_roles` (`user_name`, `role_name`) VALUES ('test', 'admin')
INSERT INTO `user_roles` (`user_name`, `role_name`) VALUES ('test01', 'guest')
配置Realm
参考:http://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#Configuring_a_Realm
首先需要在{tomcat-root}/bin下导入所需的数据库驱动jar包,本测试使用的是mysql-connector-java-5.1.34.jar
在{tomcat-root}/conf/server.xml中,找到reaml标签进行修改
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost/authority?user=dbuser&password=dbpass"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
<!--若密码是用MD5加密 可以给realm添加属性 digest="MD5" -->
</Realm>
注:JDBCRealm外加一层LockOutRealm是为了在用户多次登录失败后,锁定用户
配置web.xml
参考{tomcat-root}/webapps/manager/WEB-INF/web.xml
<security-constraint>
<display-name>MyTest</display-name>
<web-resource-collection>
<web-resource-name>Web Page for Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>*</http-method><!-- get post delete put ....可以进行设置只对某几种动作进行权限限制 -->
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name><!-- admin用户可使用/admin/*路径-->
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Page for Admin and guest</web-resource-name>
<url-pattern>/all/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>guest</role-name>
</auth-constraint>
</security-constraint>
<!-- 认证方式 -->
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>MyTest Application</realm-name>
</login-config>
Good luck!