<!-- 当web客户访问受保护的资源时,系统弹出登陆对话框的类型 -->
<!-- FORM:表单验证 BASIC:基本验证 DIGEST: 摘要验证-->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>tomcat</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- 设置WEB应用安全约束 -->
<!-- web-resource-name :受保护的WEB资源 -->
<!-- url-pattern :受保护的URL路径 -->
<!-- role-name :可以访问受保护资源的角色 -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SSI</web-resource-name>
<url-pattern>/*</url-pattern>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
<url-pattern>*.html</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>guest</role-name>
</auth-constraint>
</security-constraint>
<!-- 指明web应用引用的所有角色名称 -->
<security-role>
<description>admin</description>
<role-name>guest</role-name>
</security-role>
<%@ page language="java" contentType="text/html; charset=GB2312"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>login page</title>
</head>
<body>
<form action="j_security_check" method="post">
<table align="center">
<tr>
<td>username:<input type="text" name="j_username" /></td>
</tr>
<tr>
<td>password:<input type="password" name="j_password" /></td>
</tr>
<tr>
<td><input type="submit" value="login" /></td>
<td><input type="reset" value="reset" /></td>
</tr>
</table>
</form>
</body>
</html>
在tomcat 中配置角色与用户
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="admin"/>
<role rolename="guest"/>
<user username="pjb" password="1234" roles="admin"/>
<user username="oyyq" password="1234" roles="guest"/>
<user username="admin" password="1234" roles="admin"/>
</tomcat-users>