1. 創建驗證表單usercheck.jsp及錯誤處理頁面error.jsp,表單的用戶名文本框必須命名為j_username,密碼文本框必須命名為j_password,表單的action必須為j_security_check.
2. 在web.xml中的<web-app></web-app>添加如下代碼:
<security-role>
<description>Baron's role to log in administration application</description>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<display-name>Baron security-constraint!</display-name>
<web-resource-collection>
<web-resource-name>Baron Protected Area</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BaronRealm</realm-name>
<form-login-config>
<form-login-page>/usercheck.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
如果對所有的web資源都進行保護,則作如下修改:
<url-pattern>/*<url-pattern>
如果通過控制資源訪問方法進行保護,則在<web-resource-collection>
</web-resource-colleciont>作如下修改:
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
以上為基于表單的驗證,如果改成基本驗證(不安全),則作如下修改:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>BaronRealm</realm-name>
</login-config>
如果改成摘要驗證,則作如下修改:
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>BaronRealm</realm-name>
</login-config>
3. 1)通過內存域驗證,即根據tomcat-user.xml文件中的定義來驗證登陸信息
在tomcat-users.xml中進行如下修改,添加角色及用戶
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="baron" password="baron" roles="admin"/>
</tomcat-users>
在server.xml中的<Context></Context>中添加:
<Realm className="org.apache.catalina.realm.MemoryRealm"/>
2)通過DataSource域驗證
- 建數據庫,比如guard,然后建用戶表users,字段user_name,user_password,建角色表
user_roles,字段user_name,role_name
- 將SQLServer的JDBC驅動程序考到<CATALINA_HOME>/common/lib中
- 在server.xml中的<GlobalNamingResource>元素下加入<Resource>和
<ResourceParams>元素:
<Resource auth="Container" name="jdbc/BaronDB" type="javax.sql.DataSource"/>
<ResourceParams name="jdbc/BaronDB">
<parameter>
<name>factory</name>
<value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
</parameter>
<parameter>
<name>url</name>
<value>jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=guard</value>
</parameter>
<parameter>
<name>password</name>
<value>229</value>
</parameter>
<parameter>
<name>maxWait</name>
<value>10000</value>
</parameter>
<parameter>
<name>maxActive</name>
<value>100</value>
</parameter>
<parameter>
<name>driverClassName</name>
<value>com.microsoft.jdbc.sqlserver.SQLServerDriver</value>
</parameter>
<parameter>
<name>username</name>
<value>sa</value>
</parameter>
<parameter>
<name>maxIdle</name>
<value>30</value>
</parameter>
</ResourceParams>
- 在server.xml中web應用對應的<Context>元素中加入<Realm>元素:
<Realm className="org.apache.catalina.realm.DataSourceRealm"
debug="99"
dataSourceName="jdbc/BaronDB"
userTable="b_users" userNameCol="user_name" userCredCol="user_password"
userRoleTable="b_user_roles" roleNameCol="role_name"/>
*.在web.xml中無須加入<resource-ref>聲明對DataSource的引用
*.在頁面中調用request.getRemoteUser()可得到當前訪問的用戶名