1.Tomcat默認驗證的配置 通過tomcat-user.xml進行驗證
server.xml
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/>
tomcat-user.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="user"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="derek" password="dada" roles="admin,user"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="dada" roles="admin,manager"/>
</tomcat-users>
2.配置驗證,通過數據庫
(用戶表member:帳號字段wno,密碼字段password; 權限表system_permit: 權限字段system_code)
server.xml
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="net.sourceforge.jtds.jdbc.Driver"
connectionURL="jdbc:jtds:sqlserver://192.168.56.32:1433/testDB"
connectionName="sa" connectionPassword="sa"
userTable="member" userNameCol="WNO" userCredCol="Password"
userRoleTable="system_permit" roleNameCol="system_code" />
driverName 驅動名字
connectionURL 數據庫連接url
connectionName 連接的用戶名
connectionPassword 連接的密碼
userTable 用戶表
userNameCol 用戶名列
userCredCol 密碼列
userRoleTable 角色表
roleNameCol 角色名字字段
一 Basic驗證Web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Password required</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
取得用戶登陸帳號
String auth_user = null;
String auth = request.getHeader("Authorization");
String encoded = auth.substring(6);
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
String decoded = new String(dec.decodeBuffer(encoded));
String[] userAndPass = decoded.split(":", 2);
auth_user = userAndPass[0];
session.setAttribute(ADMIN_ID,auth_user);
二、FORM驗證
1.準備login.jsp頁面
<FORM name="logonForm" method="post" action="j_security_check">
<input name="j_username" type="text" />
<input name="j_password" type="password" />
<input type="submit" value="LOGIN"/>
</FORM>
* 帳號 j_username
* 密碼 j_password
* action j_security_check
“*”內容為固定寫法,不能改變
2.配置web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>admin page</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config> <security-role>
<role-name>admin</role-name>
</security-role>
posted on 2006-11-07 13:19
Derek.Guo 閱讀(2228)
評論(0) 編輯 收藏 所屬分類:
Java