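Tomcat offers three main ways to implement page access control:
- Database-backed control with JDBCRealm
- Remote access control with JNDIRealm
- File-based control with MemoryRealm and tomcat-users.xml
I. Database-backed control with JDBCRealm
1. The attributes have the following meanings: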
| Attribute | Meaning |
| --- | --- |
| driverName | The name of the driver needed to connect to the database |
| connectionURL | The connection URL used to connect to the database |
| userTable | The user's tables |
| userNameCol | The column in the user's table that contains the name |
| userCredCol | The column in the user's table that contains the password |
| userRoleTable | The user's roles table |
| roleNameCol | The column in the user's table that contains a role given to a user |
| connectionName | The name to use when connecting to the database. (Optional) |
| connectionPassword | The password to use when connecting to the database. (Optional) |
| digest | The algorithm used for digest passwords or "No" for plain passwords, the values can be "MD5", "MD2", "SHA", etc... (Optional) |
2. server.xml configuration
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/globalapp"
connectionName="root" connectionPassword="x"
roleNameCol="role_name" userCredCol="user_pass"
userNameCol="user_name" userRoleTable="user_roles"
userTable="users" debug="50"/>
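connectionURL, connectionName and connectionPassword cannot be combined into a single string. The Tomcat doc does it that way, but I tried many times and never got it to work. The exact cause is unknown. If an expert has solved this, please explain.
3. web.xml configuration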
<security-constraint>
<web-resource-collection>
<web-resource-name>Global App</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<!-- This is FORM authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Global App DIGEST</realm-name>
<form-login-config>
<form-login-page>/accessConsole/login.jsp</form-login-page>
<form-error-page>/accessConsole/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
The role that is required to log into the Global application
</description>
<role-name>admin</role-name>
</security-role>
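An added example, not part of the original post: a small Python audit of the deployment descriptor above. The function name and finding labels are hypothetical, and the input is the page's fragment wrapped in a constructed `<web-app>` root. It goes slightly beyond the page by also flagging `<http-method>` subsets and undeclared roles.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's web.xml fragment wrapped in a <web-app> root.
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Global App</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/accessConsole/login.jsp</form-login-page>
    <form-error-page>/accessConsole/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role><role-name>admin</role-name></security-role>
</web-app>"""

def audit_web_xml(text):
    """Return (constraint name, finding) pairs for one deployment descriptor."""
    root = ET.fromstring(text)
    for el in root.iter():                      # drop any xmlns prefix on tags
        el.tag = el.tag.split("}")[-1]
    method = (root.findtext("login-config/auth-method") or "").strip()
    declared = {(r.findtext("role-name") or "").strip()
                for r in root.iter("security-role")}
    findings = []
    for sc in root.iter("security-constraint"):
        name = (sc.findtext("web-resource-collection/web-resource-name") or "?").strip()
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        # FORM and BASIC both send the password in recoverable form, so the
        # constraint should require TLS via CONFIDENTIAL.
        if method in ("FORM", "BASIC") and guarantee != "CONFIDENTIAL":
            findings.append((name, "no-confidential-transport"))
        # Listing <http-method> protects only those verbs; the rest stay open.
        if sc.find("web-resource-collection/http-method") is not None:
            findings.append((name, "http-method-subset"))
        for role in sc.iterfind("auth-constraint/role-name"):
            r = (role.text or "").strip()
            if r != "*" and r not in declared:
                findings.append((name, "undeclared-role:" + r))
    return findings

if __name__ == "__main__":
    for finding in audit_web_xml(WEB_XML):
        print(finding)
```

Adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` inside the `<security-constraint>` clears the finding reported for the page's configuration.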
4. Creating the database tables
create table users (
user_name varchar(15) not null primary key,
user_pass varchar(15) not null
);
create table user_roles (
user_name varchar(15) not null,
role_name varchar(15) not null,
primary key (user_name, role_name)
);
insert into users values('xwood', 'xwood');
insert into user_roles values('xwood', 'admin');
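An added example, not part of the original post: a Python check of the Realm element and users table above against the `digest` attribute from the attribute table. The function name and finding labels are hypothetical, and it assumes the stored credential is the hex-encoded digest, so the column must be wide enough to hold it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the Realm element and users table shown on this page.
REALM_XML = """<Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="com.mysql.jdbc.Driver"
  connectionURL="jdbc:mysql://localhost:3306/globalapp"
  connectionName="root" connectionPassword="x"
  roleNameCol="role_name" userCredCol="user_pass"
  userNameCol="user_name" userRoleTable="user_roles"
  userTable="users" debug="50"/>"""
USERS_DDL = """create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
);"""

# Hex-encoded output length per digest name (Java's "SHA" means SHA-1).
HEX_LEN = {"MD2": 32, "MD5": 32, "SHA": 40, "SHA-256": 64}
WEAK = {"MD2", "MD5", "SHA"}   # fast unsalted hashes, unsuitable for passwords

def audit_realm(realm_xml, users_ddl):
    """Return a list of findings for one JDBCRealm element and its users DDL."""
    realm = ET.fromstring(realm_xml)
    findings = []
    digest = realm.get("digest", "No").upper()
    if digest == "NO":
        # No digest attribute: user_pass holds the password itself.
        findings.append("plaintext-credentials")
    elif digest in WEAK:
        findings.append("weak-digest:" + digest)
    if realm.get("connectionName") == "root":
        # The realm only needs SELECT on the two tables, not a superuser.
        findings.append("db-superuser-account")
    col = realm.get("userCredCol")
    width = (re.search(rf"\b{re.escape(col)}\s+varchar\((\d+)\)", users_ddl, re.I)
             if col else None)
    if width and digest in HEX_LEN and int(width.group(1)) < HEX_LEN[digest]:
        # A digest that does not fit the column can never match at login.
        findings.append(f"{col}-too-narrow:{width.group(1)}<{HEX_LEN[digest]}")
    return findings

if __name__ == "__main__":
    print(audit_realm(REALM_XML, USERS_DDL))
```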
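Besides FORM authentication, BASIC authentication can also be used here. There is also a client-certificate authentication method, which I have not used. To use BASIC authentication, just remove the <form-login-config> tag.
II. Remote access control with JNDIRealm
Not yet studied in detail.
III. File-based control with MemoryRealm and tomcat-users.xml
1. server.xml configuration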
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
<Realm className="org.apache.catalina.realm.MemoryRealm"
resourceName="UserDatabase"/>
Here, UserDatabase is already configured in server.xml.
2. tomcat-users.xml configuration
<role rolename="admin"/>
<role rolename="user"/>
<user username="xwood" password="xwood" roles="admin"/>
3. web.xml configuration
Same as for JDBCRealm.