小试tomcat基本安全认证

背景：tomcat-5.5.12设置为远程服务器

服务端设置：

Step 1) 打开${tomcat_home}/conf/tomcat-users.xml

加入如下代码：

<rolerolename = " test " />
<userusername = " a " password = " b " roles = " test " />

Step2)修改web.xml

< security-constraint >
< display-name > ExampleSecurityConstraint </ display-name >
< web-resource-collection >
< web-resource-name > ProtectedArea </ web-resource-name >
<!-- Definethecontext-relativeURL(s)tobeprotected -->
< url-pattern > /test/* </ url-pattern >
<!-- Ifyoulisthttpmethods,onlythosemethodsareprotected -->
< http-method > DELETE </ http-method >
< http-method > GET </ http-method >
< http-method > POST </ http-method >
< http-method > PUT </ http-method >
</ web-resource-collection >
< auth-constraint >
<!-- Anyonewithoneofthelistedrolesmayaccessthisarea -->
< role-name > test </ role-name >
</ auth-constraint >
</ security-constraint >

<!-- DefaultloginconfigurationusesBASICauthentication -->
< login-config >
< auth-method > BASIC </ auth-method >
< realm-name > WebServiceForm-BasedAuthenticationArea </ realm-name >

</ login-config >

对网站/test/下的任何请求采用基本安全认证

客户端编程：

客户端通过httpclient-2.0.2请求该url，方法如下：

HttpClienthttpClient = new HttpClient();

Credentialsdefaultcreds = new UsernamePasswordCredentials( " a " , " b " );
httpClient.getState().setCredentials( " WebServiceForm-BasedAuthenticationArea " , " www.cat.cn " ,defaultcreds);

Stringurl = " http://www.cat.cn/test/index.do " ;

GetMethodmethod = new GetMethod(url);

method.setDoAuthentication( true );

httpClient.executeMethod(method);

Strings = method.getResponseBodyAsString();

System.out.println(s);