Tomcat Realm配置:
1.Tomcat默认验证的配置 通过tomcat-user.xml进行验证(UserDatabaseRealm)
server.xml
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" />tomcat-user.xml
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="role1" password="tomcat" roles="role1"/> </tomcat-users>2.配置验证,通过数据库 (JDBCRealm)
server.xml
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="com.mysql.jdbc.Driver" connectionURL="jdbc:mysql://localhost:3306/DBNAME" connectionName="name" connectionPassword="password" userTable="TABLE_NAME" userNameCol="COLUMN_NAME" userCredCol="COLUMN_Password" userRoleTable="ROLE_TABLE" roleNameCol="COLUMN_ROLE" />driverName 驱动名字
connectionURL 数据库连接urlconnectionName 连接的用户名
connectionPassword 连接的密码
userTable 用户表
userNameCol 用户名列
userCredCol 密码列
userRoleTable 角色表
roleNameCol 角色名字字段
1.Basic验证
Web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Password required</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Password required</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
获取用户登陆帐号
Stringauth_user
=
null
;
Stringauth = request.getHeader( " Authorization " );
Stringencoded = auth.substring( 6 );
sun.misc.BASE64Decoderdec = new sun.misc.BASE64Decoder();
Stringdecoded = new String(dec.decodeBuffer(encoded));
String[]userAndPass = decoded.split( " : " , 2 );
auth_user = userAndPass[ 0 ];
session.setAttribute(ADMIN_ID,auth_user);
Stringauth = request.getHeader( " Authorization " );
Stringencoded = auth.substring( 6 );
sun.misc.BASE64Decoderdec = new sun.misc.BASE64Decoder();
Stringdecoded = new String(dec.decodeBuffer(encoded));
String[]userAndPass = decoded.split( " : " , 2 );
auth_user = userAndPass[ 0 ];
session.setAttribute(ADMIN_ID,auth_user);
2.FORM验证
1.准备login.jsp页面
<
FORMname
=
"
logonForm
"
method
=
"
post
"
action
=
"
j_security_check
"
>
< inputname = " j_username " type = " text " />
< inputname = " j_password " type = " password " />
< inputtype = " submit " value = " LOGIN " />
</ FORM >
* 帐号j_username
< inputname = " j_username " type = " text " />
< inputname = " j_password " type = " password " />
< inputtype = " submit " value = " LOGIN " />
</ FORM >
* 密码j_password
* actionj_security_check
【内容为固定写法,不能改变】
<security-constraint>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config> <security-role>
<role-name>admin</role-name>
</security-role>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config> <security-role>
<role-name>admin</role-name>
</security-role>
参考:http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#UserDatabaseRealm