
          Environment to prepare:
          1.j2sdk-1_4_2-windows-i586.exe    // JDK
          2.mysql-4.0.20d-win.zip        // MySQL database
          3.mysqlcc-0.9.4-win32.zip    // MySQL GUI console
          4.jakarta-tomcat-5.0.27.exe    // Tomcat server
          5.mysql-connector-java-3.0.14-production.zip // contains the MySQL driver

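          Installation steps:
          1. Install the JDK
          2. Install Tomcat
          3. Install MySQL
          4. Install mysqlcc
          5. Unpack the driver archive and copy mysql-connector-java-3.0.14-production-bin.jar to tomcat/common/lib
          Alternatively, download mm.mysql-2.0.14-you-must-unjar-me.jar, unpack it, and copy the mm.mysql-2.0.14-bin.jar it contains.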

          Tomcat 5.0 configuration. This example uses the installation password 198277.
          1. Configure the manager administration application
          In conf/server.xml, add the following:

          <Service name="Catalina">
          ...

              <Context path="/manager" debug="0" privileged="true"
                       docBase="/usr/local/kinetic/tomcat5/server/webapps/manager">
              </Context>

          </Service>

          Configuration to restrict access by IP:
          <Context path="/manager" debug="0" privileged="true"
                   docBase="/usr/local/kinetic/tomcat5/server/webapps/manager">
                   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
                          allow="127.0.0.1"/>
          </Context>
          Test at: http://localhost:8080/manager/html

          2. Configure JDBCRealm container-managed security, using a MySQL 4.0 database as the example
          a. Copy the driver mm.mysql-2.0.14-bin.jar to common/lib/
          b. Create the tables in database ycg
            
           create table users (
            user_name         varchar(15) not null primary key,
            user_pass         varchar(15) not null
          );

          create table user_roles (
            user_name         varchar(15) not null,
            role_name         varchar(15) not null,
            primary key (user_name, role_name)
          );

          c. Modify server.xml as follows (by default the database user is root with no password; if there is a password, use the form connectionURL="jdbc:mysql://localhost/authority?user=dbuser&amp;password=dbpass")
                <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
                       driverName="org.gjt.mm.mysql.Driver"
                    connectionURL="jdbc:mysql://localhost/ycg?user=root"
                   connectionName="" connectionPassword=""
                        userTable="users" userNameCol="user_name" userCredCol="user_pass"
                    userRoleTable="user_roles" roleNameCol="role_name" />

          d. Insert Tomcat's default configuration data into the database:

          +-----------+-----------+
          | user_name | role_name |
          +-----------+-----------+
          | admin     | admin     |
          | admin     | manager   |
          | both      | role1     |
          | both      | tomcat    |
          | role1     | role1     |
          | tomcat    | tomcat    |
          +-----------+-----------+
          +-----------+-----------+
          | user_name | user_pass |
          +-----------+-----------+
          | tomcat    | tomcat    |
          | both      | tomcat    |
          | role1     | tomcat    |
          | admin     | 198277    |
          +-----------+-----------+

          e. Start MySQL, then start Tomcat. From now on Tomcat reads users and roles from the database for authentication; the default conf/tomcat-users.xml is no longer used.
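
The settings in steps 1 and 2 can be checked mechanically before Tomcat is started. The following Python audit is an added example, not part of the original post: it parses a server.xml and reports a Realm without the `digest` attribute (so `user_pass` is stored and compared as cleartext), a Realm that connects as root or with an empty database password, and a `/manager` Context with no RemoteAddrValve. The finding codes and the sample wrapper document are constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the first manager Context and the JDBCRealm from this
# page, wrapped in a minimal <Server> so they parse as one document.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Context path="/manager" debug="0" privileged="true"
           docBase="/usr/local/kinetic/tomcat5/server/webapps/manager">
  </Context>
  <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
         driverName="org.gjt.mm.mysql.Driver"
         connectionURL="jdbc:mysql://localhost/ycg?user=root"
         connectionName="" connectionPassword=""
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name" />
</Service></Server>"""


def audit_server_xml(xml_text):
    """Return sorted finding codes (names invented for this example)."""
    findings = set()
    root = ET.fromstring(xml_text)
    for realm in root.iter("Realm"):
        if not realm.get("className", "").endswith("JDBCRealm"):
            continue
        if not realm.get("digest"):
            # Without digest=, user_pass holds and is compared as cleartext.
            findings.add("realm-cleartext-credentials")
        # Strip "jdbc:" so urlsplit sees mysql://host/db?user=...&password=...
        url = realm.get("connectionURL", "").split("jdbc:", 1)[-1]
        query = parse_qs(urlsplit(url).query)
        user = realm.get("connectionName") or query.get("user", [""])[0]
        password = realm.get("connectionPassword") or query.get("password", [""])[0]
        if user == "root":
            findings.add("realm-connects-as-root")
        if not password:
            findings.add("realm-db-empty-password")
    for ctx in root.iter("Context"):
        if ctx.get("path") != "/manager":
            continue
        valves = [v.get("className", "") for v in ctx.iter("Valve")]
        if not any(name.endswith("RemoteAddrValve") for name in valves):
            findings.add("manager-no-address-filter")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_server_xml(SAMPLE_SERVER_XML))
```

If `digest` is enabled on the Realm, the `user_pass` column has to be widened, because a hex digest does not fit in `varchar(15)`.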

          3. DBCP configuration
          a. Set
                       <parameter>
                        <name>removeAbandoned</name>
                        <value>true</value>
                      </parameter>

           This allows abandoned database connections to be reclaimed and reused.
          Set together with it:
            
                       <parameter>
                        <name>removeAbandonedTimeout</name>
                        <value>60</value>
                      </parameter>
          This is the abandonment timeout.
          To have abandoned connections written to the log,
          set
                      <parameter>
                        <name>logAbandoned</name>
                        <value>true</value>
                      </parameter>
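          All three of the above default to false.
          b. Configure the connection pool, using MySQL as the example
          c. Create a new user and database. A password must be set; an empty password causes the connection to fail.
          e.
          Set the root password: mysqladmin -u root -h localhost password "198277"
          (The JDBCRealm setting above must then be changed to connectionURL="jdbc:mysql://localhost/ycg?user=root&amp;password=198277")
          The bare command mysql connects to the server anonymously.
          To connect with a password: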
          shell> mysql -h host -u user -p
          Enter password: ********

          // If root has no password, the following does not succeed. (I tried it.)
           mysql> GRANT ALL PRIVILEGES ON *.* TO javauser@localhost
              ->   IDENTIFIED BY 'javadude' WITH GRANT OPTION;
          mysql> create database javatest;
          mysql> use javatest;
          mysql> create table testdata (
              ->   id int not null auto_increment primary key,
              ->   foo varchar(25),
              ->   bar int);

          In conf/server.xml, add inside <Host></Host>:
          <Context path="/DBTest" docBase="DBTest"
                  debug="5" reloadable="true" crossContext="true">

            <Logger className="org.apache.catalina.logger.FileLogger"
                       prefix="localhost_DBTest_log." suffix=".txt"
                       timestamp="true"/>

            <Resource name="jdbc/TestDB"
                         auth="Container"
                         type="javax.sql.DataSource"/>

            <ResourceParams name="jdbc/TestDB">
              <parameter>
                <name>factory</name>
                <value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
              </parameter>

              <!-- Maximum number of dB connections in pool. Make sure you
                   configure your mysqld max_connections large enough to handle
                   all of your db connections. Set to 0 for no limit.
                   -->
              <parameter>
                <name>maxActive</name>
                <value>100</value>
              </parameter>

              <!-- Maximum number of idle dB connections to retain in pool.
                   Set to 0 for no limit.
                   -->
              <parameter>
                <name>maxIdle</name>
                <value>30</value>
              </parameter>

              <!-- Maximum time to wait for a dB connection to become available
                   in ms, in this example 10 seconds. An Exception is thrown if
                   this timeout is exceeded.  Set to -1 to wait indefinitely.
                   -->
              <parameter>
                <name>maxWait</name>
                <value>10000</value>
              </parameter>

              <!-- MySQL dB username and password for dB connections  -->
              <parameter>
               <name>username</name>
               <value>javauser</value>
              </parameter>
              <parameter>
               <name>password</name>
               <value>javadude</value>
              </parameter>

              <!-- Class name for the old mm.mysql JDBC driver - uncomment this entry and comment next
                   if you want to use this driver - we recommend using Connector/J though
              <parameter>
                 <name>driverClassName</name>
                 <value>org.gjt.mm.mysql.Driver</value>
              </parameter>
               -->
             
              <!-- Class name for the official MySQL Connector/J driver -->
              <parameter>
                 <name>driverClassName</name>
                 <value>com.mysql.jdbc.Driver</value>
              </parameter>
             
              <!-- The JDBC connection url for connecting to your MySQL dB.
                   The autoReconnect=true argument to the url makes sure that the
                   mm.mysql JDBC Driver will automatically reconnect if mysqld closed the
                   connection.  mysqld by default closes idle connections after 8 hours.
                   -->
              <parameter>
                <name>url</name>
                <value>jdbc:mysql://localhost:3306/javatest?autoReconnect=true</value>
              </parameter>


                      <parameter>
                        <name>removeAbandoned</name>
                        <value>true</value>
                      </parameter>

                       <parameter>
                        <name>removeAbandonedTimeout</name>
                        <value>60</value>
                      </parameter>
                      <parameter>
                        <name>logAbandoned</name>
                        <value>true</value>
                      </parameter>
            </ResourceParams>
          </Context>

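          f. Use it from the web application. Configure web.xml, for example:
          <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
              version="2.4">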
            <description>MySQL Test App</description>
            <resource-ref>
                <description>DB Connection</description>
                <res-ref-name>jdbc/TestDB</res-ref-name>
                <res-type>javax.sql.DataSource</res-type>
                <res-auth>Container</res-auth>
            </resource-ref>
          </web-app>
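          g. test.jsp for testing:
          <%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
          <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>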

          <sql:query var="rs" dataSource="jdbc/TestDB">
          select id, foo, bar from testdata
          </sql:query>

          <html>
            <head>
              <title>DB Test</title>
            </head>
            <body>

            <h2>Results</h2>
           
          <c:forEach var="row" items="${rs.rows}">
              Foo ${row.foo}<br/>
              Bar ${row.bar}<br/>
          </c:forEach>

            </body>
          </html>

          h. Create the new web application
          Download jakarta-taglibs-standard-1.1.0
          copy jstl.jar and standard.jar to your web app's WEB-INF/lib

          DBTest/
              WEB-INF/
                  web.xml
                  lib/
                      jstl.jar
                      standard.jar
              test.jsp
          Copy it into webapps/
          i. Start MySQL and Tomcat
          Visit:
          http://localhost:8080/DBTest/test.jsp
          It displays:
              Results
              Foo hello
              Bar 12345

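          4. SSL configuration, using JDK 1.4.2 as the example
          a. Change to %JAVA_HOME%\bin
          Run the command: keytool -genkey -alias tomcat -keyalg RSA
          In this example the Tomcat installation password is 198277 and the keytool password is also set to 198277.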
          輸入keystore密碼:  198277
          您的名字與姓氏是什么?
            [Unknown]:  ycg
          您的組織單位名稱是什么?
            [Unknown]:  nju
          您的組織名稱是什么?
            [Unknown]:  nju
          您所在的城市或區域名稱是什么?
            [Unknown]:  nanjing
          您所在的州或省份名稱是什么?
            [Unknown]:  jiangsu
          該單位的兩字母國家代碼是什么
            [Unknown]:  nd
          CN=ycg, OU=nju, O=nju, L=nanjing, ST=jiangsu, C=nd 正確嗎?
            [否]:  y

          輸入<tomcat>的主密碼
                  (如果和 keystore 密碼相同,按回車):  198277
          b. The .keystore file can be found in the current user's directory under D:\Documents and Settings\. Copy it into the conf/ folder.
          c. In server.xml, find

              <!--
              <Connector port="8443"
                         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                         enableLookups="false" disableUploadTimeout="true"
                         acceptCount="100" debug="0" scheme="https" secure="true"
                         clientAuth="false" sslProtocol="TLS" />
              -->
              and remove the comment markers.

          Add the configuration attributes: keystoreFile="/conf/.keystore" keystorePass="198277"
          For example: <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
            
              <Connector port="8443"
                         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                         enableLookups="false" disableUploadTimeout="true"
                         acceptCount="100" debug="0" scheme="https" secure="true"
                         clientAuth="false" sslProtocol="TLS" keystoreFile="/conf/.keystore"
                         keystorePass="198277"/>
          d. Test at:
          https://localhost:8443
          e. To require SSL in your own application:
          In web.xml, add inside <web-app></web-app>:
          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Success</web-resource-name>
          <url-pattern>/</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          </web-resource-collection>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>
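          f. Taking the example above,
          modify web.xml to:
          <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
              version="2.4">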

              <description>MySQL Test App</description>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Success</web-resource-name>
          <url-pattern>/</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          </web-resource-collection>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>

           
            <resource-ref>
                <description>DB Connection</description>
                <res-ref-name>jdbc/TestDB</res-ref-name>
                <res-type>javax.sql.DataSource</res-type>
                <res-auth>Container</res-auth>
            </resource-ref>
          </web-app>
          Visit:
          https://localhost:8443/DBTest/test.jsp

          g. To combine this with the JDBCRealm configured in step 2 for form authentication:
          First add user_name: ycg, role_name: web-user to the user_roles table,
          and add user_name: ycg, user_pass: 198277 to the users table.

          Then add to web.xml:
          <auth-constraint>
          <role-name>web-user</role-name>
          </auth-constraint>

          <login-config>
           <auth-method>BASIC</auth-method>
           <realm-name>My Member Area</realm-name>
          </login-config>

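          The modified web.xml looks like:
          <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
              version="2.4">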

              <description>MySQL Test App</description>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Success</web-resource-name>
          <url-pattern>/</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
          <role-name>web-user</role-name>
          </auth-constraint>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>
          <login-config>
           <auth-method>BASIC</auth-method>
           <realm-name>My Member Area</realm-name>
          </login-config>
           
            <resource-ref>
                <description>DB Connection</description>
                <res-ref-name>jdbc/TestDB</res-ref-name>
                <res-type>javax.sql.DataSource</res-type>
                <res-auth>Container</res-auth>
            </resource-ref>
          </web-app>

          Test:
          http://localhost:8080/DBTest/test.jsp
          The connection will go over SSL and form authentication will be performed. Users and passwords can be added in the user_roles and users tables.
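
A `<web-resource-collection>` that lists `<http-method>` elements applies its constraint only to those methods, so the GET/POST lists in steps e to g leave every other method outside the CONFIDENTIAL and web-user requirements; omitting `<http-method>` makes the constraint cover all methods. The following Python check is an added example, not part of the original post: it reports, per collection, which methods a web.xml constraint does not cover. The `ALL_METHODS` set and the trimmed sample document are constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}
# Methods considered by this example (an assumption, not a Tomcat list).
ALL_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample: the security-constraint from step g of this page.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Success</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>web-user</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def uncovered_methods(web_xml):
    """Map each web-resource-name to the HTTP methods its constraint skips."""
    gaps = {}
    root = ET.fromstring(web_xml)
    for coll in root.iterfind(".//j:web-resource-collection", NS):
        name = coll.findtext("j:web-resource-name", default="?", namespaces=NS)
        listed = {m.text.strip().upper()
                  for m in coll.findall("j:http-method", NS)}
        # No <http-method> at all means the constraint covers every method.
        gaps[name] = sorted(ALL_METHODS - listed) if listed else []
    return gaps


if __name__ == "__main__":
    print(uncovered_methods(SAMPLE_WEB_XML))
```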

          5. Garbled Chinese characters:
          MySQL default encoding: ISO
          Tomcat request transfer encoding: ISO
          To display Chinese,
          add to *.jsp:
          <head>
          <%@ page
          language="java"
          contentType="text/html; charset=GB18030"
          pageEncoding="GB18030"
          %>
          </head>
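          If the garbling occurs in transferred data (for example, data a servlet reads from the MySQL database),
          convert it with the following two transcoding functions. If you are not sure which encoding to convert from and to, try several.
              // Transcode GBK to ISO
              public String toISO(String input) {
                  try {
                      byte[] bytes = input.getBytes("GBK");
                      return new String(bytes, "ISO8859-1");
                  } catch (Exception ex) {
                      // Unsupported encoding: fall through and return the input unchanged.
                  }
                  return input;
              }

              // Transcode ISO to GBK
              public String toGBK(String input) {
                  try {
                      byte[] bytes = input.getBytes("ISO8859-1");
                      return new String(bytes, "GBK");
                  } catch (Exception ex) {
                      // Unsupported encoding: fall through and return the input unchanged.
                  }
                  return input;
              }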


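          All of the configurations above have been tested successfully. They are based mainly on the Tomcat 5.0 documentation. I have written the process up to share with everyone; if you find mistakes in it, please point them out.
          You are welcome to write to me at ycg01@software.nju.edu.cn to discuss.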

          posted on 2005-08-17 09:38 by my java. Categories: Java authentication, reposts