随笔-86  评论-33  文章-0  trackbacks-0

1.Tomcat默认验证的配置 通过tomcat-user.xml进行验证

server.xml
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"  debug="0" resourceName="UserDatabase"/>
tomcat-user.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  
<role rolename="user"/>
  
<role rolename="tomcat"/>
  
<role rolename="role1"/>
  
<role rolename="manager"/>
  
<role rolename="admin"/>
  
<user username="derek" password="dada" roles="admin,user"/>
  
<user username="tomcat" password="tomcat" roles="tomcat"/>
  
<user username="role1" password="tomcat" roles="role1"/>
  
<user username="both" password="tomcat" roles="tomcat,role1"/>
  
<user username="admin" password="dada" roles="admin,manager"/>
</tomcat-users>

2.配置验证,通过数据库
(用户表member:帐号字段wno,密码字段password; 权限表system_permit: 权限字段system_code)
server.xml
<Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName
="net.sourceforge.jtds.jdbc.Driver"
          connectionURL
="jdbc:jtds:sqlserver://192.168.56.32:1433/testDB"
          connectionName
="sa" connectionPassword="sa"
              userTable
="member" userNameCol="WNO" userCredCol="Password"
          userRoleTable
="system_permit" roleNameCol="system_code" />
driverName 驱动名字
connectionURL 数据库连接url
connectionName 连接的用户名
connectionPassword 连接的密码
userTable 用户表
userNameCol 用户名列
userCredCol 密码列
userRoleTable 角色表
roleNameCol 角色名字字段


一 Basic验证
Web.xml
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Password required</realm-name>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
取得用户登陆帐号
        String auth_user = null;
        String auth 
= request.getHeader("Authorization");
        String encoded 
= auth.substring(6);
        sun.misc.BASE64Decoder dec 
= new sun.misc.BASE64Decoder();
        String decoded 
= new String(dec.decodeBuffer(encoded));
        String[] userAndPass 
= decoded.split(":"2);
        auth_user 
= userAndPass[0];
        session.setAttribute(ADMIN_ID,auth_user);


二、FORM验证
1.准备login.jsp页面
<FORM name="logonForm"  method="post" action="j_security_check">
   
<input name="j_username" type="text" />
   
<input name="j_password" type="password" />
   
<input  type="submit" value="LOGIN"/>
</FORM>
*     帐号  j_username
*     密码  j_password
*     action  j_security_check
“*”内容为固定写法,不能改变
2.配置web.xml
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>  <security-role>
    <role-name>admin</role-name>
  </security-role>

posted on 2006-11-07 13:19 Derek.Guo 阅读(1982) 评论(0)  编辑  收藏 所属分类: Java

只有注册用户登录后才能发表评论。


网站导航:
 
MSN:envoydada@hotmail.com QQ:34935442