1. Tomcat 默认验证的配置:通过 tomcat-users.xml 进行验证
server.xml
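<!-- server.xml: authenticate against the user database published as the
     global JNDI resource named by resourceName. In a stock install that
     resource is declared under <GlobalNamingResources> and is backed by
     conf/tomcat-users.xml.
     NOTE(review): the debug attribute is only honoured by old Tomcat
     releases; newer ones appear to configure realm logging through the
     logging framework instead. Confirm for the version in use.
     Consider nesting this realm inside
     org.apache.catalina.realm.LockOutRealm so that repeated failed logins
     are throttled. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       debug="0"
       resourceName="UserDatabase"/>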
tomcat-users.xml
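<?xml version='1.0' encoding='utf-8'?>
<!-- conf/tomcat-users.xml: roles and users read by UserDatabaseRealm.
     The accounts below are the sample values from the original post. They
     are stored in clear text and are trivially guessable (password equal to
     the user name, or a four-letter word), and two of them carry the
     admin / manager roles. Before using this file anywhere reachable:
       * remove the sample accounts or give each a long, unique password;
       * store digests rather than clear text (a CredentialHandler on the
         realm, or the realm's digest attribute on older versions);
       * grant admin / manager only to accounts that need them;
       * make the file readable only by the account that runs Tomcat.
     NOTE(review): newer Tomcat releases split the manager role into
     finer-grained roles such as manager-gui and manager-script. Confirm
     the role names against the version in use. -->
<tomcat-users>
  <role rolename="user"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="derek" password="dada" roles="admin,user"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="dada" roles="admin,manager"/>
</tomcat-users>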
2.配置验证,通过数据库
(用户表member:帐号字段wno,密码字段password; 权限表system_permit: 权限字段system_code)
server.xml
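<!-- server.xml: authenticate against database tables over JDBC.
     userTable / userNameCol / userCredCol locate the login name and the
     credential; userRoleTable / roleNameCol locate the roles. The role
     table must also contain a column named like userNameCol so the realm
     can join on it.
     Review points for the sample values kept from the original post:
       * connectionName="sa" is the SQL Server administrator login and the
         password equals the user name. The realm only needs SELECT on the
         two tables, so use a dedicated least-privilege, read-only login.
       * connectionPassword sits in server.xml in clear text; restrict
         read access on the file to the account that runs Tomcat.
       * userCredCol is compared as clear text unless a digest or
         CredentialHandler is configured on the realm, so the member table
         would be holding plain passwords. Store salted digests instead.
       * debug="99" asks for maximum verbosity on versions that honour it.
         Make sure authentication details do not end up in the logs.
       * The JDBC URL shows no transport protection. Enable TLS in the
         driver settings when the database is on another host.
     NOTE(review): later Tomcat releases favour DataSourceRealm with a
     pooled JNDI DataSource over JDBCRealm. Confirm which realms the
     version in use still ships. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       debug="99"
       driverName="net.sourceforge.jtds.jdbc.Driver"
       connectionURL="jdbc:jtds:sqlserver://192.168.56.32:1433/testDB"
       connectionName="sa"
       connectionPassword="sa"
       userTable="member"
       userNameCol="WNO"
       userCredCol="Password"
       userRoleTable="system_permit"
       roleNameCol="system_code"/>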
driverName 驱动名字
connectionURL 数据库连接url
connectionName 连接的用户名
connectionPassword 连接的密码
userTable 用户表
userNameCol 用户名列
userCredCol 密码列
userRoleTable 角色表
roleNameCol 角色名字字段
一 Basic验证
web.xml
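<!-- web.xml fragment (goes inside <web-app>): protect /admin/* with
     container-managed BASIC authentication, admitting only the admin role.
     No <http-method> is listed, so the constraint covers every HTTP method.
     BASIC sends the user name and password merely base64-encoded on every
     request, so the constraint also demands a confidential transport. The
     container then redirects plain-HTTP requests to its TLS connector,
     which must therefore be configured for /admin/* to stay reachable. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>admin page</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <!-- Text the browser shows in its credential prompt. -->
  <realm-name>Password required</realm-name>
</login-config>
<!-- Declares the role name referenced by the auth-constraint above. -->
<security-role>
  <role-name>admin</role-name>
</security-role>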
取得用户登陆帐号
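// JSP scriptlet fragment: record the authenticated login name in the session.
// The container has already verified the credentials for the protected URL,
// so ask it for the principal's name instead of re-parsing the Authorization
// header by hand. The manual version threw NullPointerException when the
// header was absent, assumed a fixed "Basic " prefix, relied on the internal
// sun.misc.BASE64Decoder class (not available on current JDKs), decoded with
// the platform default charset, and pulled the clear-text password into a
// local variable for no benefit.
String auth_user = request.getRemoteUser();
if (auth_user != null) {
    // ADMIN_ID is the session attribute key defined elsewhere in the page.
    session.setAttribute(ADMIN_ID, auth_user);
}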
二、FORM验证
1.准备login.jsp页面
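<%-- login.jsp: login page for container-managed FORM authentication.
     The action j_security_check and the field names j_username and
     j_password are fixed by the Servlet specification and must not be
     renamed. The form posts the password in the request body, so the page
     and the post must travel over HTTPS.
     This note is a JSP comment on purpose: it is not sent to the browser. --%>
<form name="logonForm" method="post" action="j_security_check">
  <input name="j_username" type="text" />
  <input name="j_password" type="password" />
  <input type="submit" value="LOGIN" />
</form>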
* 帐号 j_username
* 密码 j_password
* action j_security_check
“*”内容为固定写法,不能改变
2.配置web.xml
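<!-- web.xml fragment (goes inside <web-app>): protect /admin/* with
     container-managed FORM authentication, admitting only the admin role.
     When an unauthenticated request hits /admin/*, the container shows
     form-login-page; a failed login shows form-error-page. Both pages live
     outside /admin/* so they stay reachable before login.
     The login form posts the password in the request body, so the
     constraint demands a confidential transport. The container then
     redirects plain-HTTP requests to its TLS connector, which must
     therefore be configured for /admin/* to stay reachable. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>admin page</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<!-- Declares the role name referenced by the auth-constraint above. -->
<security-role>
  <role-name>admin</role-name>
</security-role>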