第一步:启用全局安全性,指定用户注册表或自定义.
第二步:在web.xml里增加安全角色
<security-constraint>
<display-name>everyone</display-name>
<web-resource-collection id="WebResourceCollection_1113720484159">
<web-resource-name>AdminPages</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
<url-pattern>*.do</url-pattern>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access</description>
<role-name>All Role</role-name>
</auth-constraint>
<user-data-constraint>
<description>This is how the user data must be transmitted</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/denglu.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>All Authenticated User Role</description>
<role-name>All Role</role-name>
</security-role>
这样只有通过认证的用户才能访问受保护的资源