Tomcat - 设置 HTTP 基本认证

最新推荐文章于 2020-08-14 17:27:38 发布

weixin_30563917

最新推荐文章于 2020-08-14 17:27:38 发布

阅读量248

点赞数

文章标签： java web.xml

原文链接：http://www.cnblogs.com/huey/p/4513221.html

版权

在 Tomcat 中设置 HTTP 基本认证的示例

在 $TOMCAT_HOME\conf\tomcat-users.xml 文件中配置角色和用户：

<tomcat-users>
    <role rolename="all"/>
    <role rolename="admin"/>

    <user username="all" password="all" roles="all"/>
    <user username="admin" password="admin" roles="admin,all"/>
</tomcat-users>

新建一个 Java Web 工程，编辑 web.xml 文件。

配置 <security-constraint/> 元素，指定角色可访问的资源集和可使用的 HTTP 方法。

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Public resources</web-resource-name>
        <url-pattern>/home/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>all</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secret resources</web-resource-name>
        <url-pattern>/blog/*</url-pattern>
        <url-pattern>/photo/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

配置 <login-config/> 元素，指定认证方式为基本认证，并指定安全域。

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>hueyhome</realm-name>
</login-config>

测试：

a) 无认证信息请求

C:\Users\huey>curl -I http://localhost:8080/helloweb/home/index.html
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 08:00:00 CST
WWW-Authenticate: Basic realm="hueyhome"
Content-Type: text/html;charset=utf-8
Content-Length: 951
Date: Mon, 18 May 2015 14:10:55 GMT

b) 错误认证信息请求

C:\Users\huey>curl -I -u "all:none" http://localhost:8080/helloweb/home/index.html
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 08:00:00 CST
WWW-Authenticate: Basic realm="hueyhome"
Content-Type: text/html;charset=utf-8
Content-Length: 951
Date: Mon, 18 May 2015 14:19:01 GMT

c) 正确认证信息但该用户无指定资源的访问权限

C:\Users\huey>curl -I -u "all:all" http://localhost:8080/helloweb/blog/index.html
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 08:00:00 CST
Content-Type: text/html;charset=utf-8
Content-Length: 1057
Date: Mon, 18 May 2015 14:11:57 GMT

d) 正确认证信息且该用户无指定资源的访问权限

C:\Users\huey>curl -I -u "all:all" http://localhost:8080/helloweb/home/index.html
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 08:00:00 CST
Accept-Ranges: bytes
ETag: W/"317-1431758220112"
Last-Modified: Sat, 16 May 2015 06:37:00 GMT
Content-Type: text/html
Content-Length: 317
Date: Mon, 18 May 2015 14:11:04 GMT

转载于:https://www.cnblogs.com/huey/p/4513221.html

weixin_30563917

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Tomcat - 设置 HTTP 基本认证

在 Tomcat 中设置 HTTP 基本认证的示例在 $TOMCAT_HOME\conf\tomcat-users.xml 文件中配置角色和用户：<tomcat-users> <role rolename="all"/> <role rolename="admin"/> <user username="al...
复制链接

扫一扫