背景:tomcat-5.5.12设置为远程服务器
服务端设置:
Step 1) 打开${tomcat_home}/conf/tomcat-users.xml
加入如下代码:
<rolerolename
=
"
test
"
/>
<userusername = " a " password = " b " roles = " test " />
<userusername = " a " password = " b " roles = " test " />
Step2)修改web.xml
<
security-constraint
>
< display-name > ExampleSecurityConstraint </ display-name >
< web-resource-collection >
< web-resource-name > ProtectedArea </ web-resource-name >
<!-- Definethecontext-relativeURL(s)tobeprotected -->
< url-pattern > /test/* </ url-pattern >
<!-- Ifyoulisthttpmethods,onlythosemethodsareprotected -->
< http-method > DELETE </ http-method >
< http-method > GET </ http-method >
< http-method > POST </ http-method >
< http-method > PUT </ http-method >
</ web-resource-collection >
< auth-constraint >
<!-- Anyonewithoneofthelistedrolesmayaccessthisarea -->
< role-name > test </ role-name >
</ auth-constraint >
</ security-constraint >
<!-- DefaultloginconfigurationusesBASICauthentication -->
< login-config >
< auth-method > BASIC </ auth-method >
< realm-name > WebServiceForm-BasedAuthenticationArea </ realm-name >
</ login-config >
< display-name > ExampleSecurityConstraint </ display-name >
< web-resource-collection >
< web-resource-name > ProtectedArea </ web-resource-name >
<!-- Definethecontext-relativeURL(s)tobeprotected -->
< url-pattern > /test/* </ url-pattern >
<!-- Ifyoulisthttpmethods,onlythosemethodsareprotected -->
< http-method > DELETE </ http-method >
< http-method > GET </ http-method >
< http-method > POST </ http-method >
< http-method > PUT </ http-method >
</ web-resource-collection >
< auth-constraint >
<!-- Anyonewithoneofthelistedrolesmayaccessthisarea -->
< role-name > test </ role-name >
</ auth-constraint >
</ security-constraint >
<!-- DefaultloginconfigurationusesBASICauthentication -->
< login-config >
< auth-method > BASIC </ auth-method >
< realm-name > WebServiceForm-BasedAuthenticationArea </ realm-name >
</ login-config >
对网站/test/下的任何请求采用基本安全认证
客户端编程:
客户端通过httpclient-2.0.2请求该url,方法如下:
HttpClienthttpClient
=
new
HttpClient();
Credentialsdefaultcreds = new UsernamePasswordCredentials( " a " , " b " );
httpClient.getState().setCredentials( " WebServiceForm-BasedAuthenticationArea " , " www.cat.cn " ,defaultcreds);
Stringurl = " http://www.cat.cn/test/index.do " ;
GetMethodmethod = new GetMethod(url);
method.setDoAuthentication( true );
httpClient.executeMethod(method);
Strings = method.getResponseBodyAsString();
System.out.println(s);
Credentialsdefaultcreds = new UsernamePasswordCredentials( " a " , " b " );
httpClient.getState().setCredentials( " WebServiceForm-BasedAuthenticationArea " , " www.cat.cn " ,defaultcreds);
Stringurl = " http://www.cat.cn/test/index.do " ;
GetMethodmethod = new GetMethod(url);
method.setDoAuthentication( true );
httpClient.executeMethod(method);
Strings = method.getResponseBodyAsString();
System.out.println(s);