根据 Servlet 2.4 规范，使用 FORM 验证方式（<auth-method>FORM</auth-method>）时，Java Web 应用的登录页面应按下例书写。注意：form 的 action 属性值必须为 j_security_check，两个输入字段名必须为 j_username 和 j_password，method 应使用 POST；由于口令是以明文提交的，受保护资源应配合 <transport-guarantee>CONFIDENTIAL</transport-guarantee> 要求通过 HTTPS 访问。原文中的引号为中文引号，已改为 ASCII 引号。 <form method="POST" action="j_security_check"><input type="text" name="j_username"><input type="password" name="j_password"></form>


  1.   

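    下例从 Servlet 2.4 规范中摘录。其中的 <security-role> 和 <security-constraint> 部分定义了受保护资源对应的角色、用户和允许的操作。注意：原文中 version 属性使用了中文引号，且 xmlns 与 xmlns:xsi 两个属性之间缺少空格，并不是格式良好的 XML，下例已修正并重新排版。
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
      <display-name>A Secure Application</display-name>
      <servlet>
        <servlet-name>catalog</servlet-name>
        <servlet-class>com.mycorp.CatalogServlet</servlet-class>
        <init-param>
          <param-name>catalog</param-name>
          <param-value>Spring</param-value>
        </init-param>
        <!-- Maps the role name the servlet code uses ("MGR") to the declared role "manager". -->
        <security-role-ref>
          <role-name>MGR</role-name>
          <role-link>manager</role-link>
        </security-role-ref>
      </servlet>
      <!-- Declares the role referenced by <role-link> and <auth-constraint> below. -->
      <security-role>
        <role-name>manager</role-name>
      </security-role>
      <servlet-mapping>
        <servlet-name>catalog</servlet-name>
        <url-pattern>/catalog/*</url-pattern>
      </servlet-mapping>
      <!-- NOTE(review): the constraint below protects /salesinfo/*, while the only servlet
           mapping declared here is /catalog/*; in this spec excerpt the two URL spaces are
           unrelated, so /catalog/* itself is not protected by this descriptor. -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>SalesInfo</web-resource-name>
          <url-pattern>/salesinfo/*</url-pattern>
          <!-- NOTE(review): listing <http-method> elements limits the constraint to exactly
               those methods; HEAD, PUT, DELETE, OPTIONS, TRACE etc. on /salesinfo/* remain
               unconstrained (HTTP verb tampering). Omit the elements to cover every method.
               Kept here verbatim because this is a quote of the specification's example. -->
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
          <!-- CONFIDENTIAL requires the protected URLs to be reached over TLS. -->
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <!-- NOTE(review): no <login-config> is declared in this excerpt, so the authentication
           method is the container's default rather than FORM as described at the top of the page. -->
    </web-app>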
      

  2.   

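    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Servlet 2.3 deployment descriptor protecting a single JSP with HTTP BASIC authentication.
         Changes from the posted version: the trailing "//" annotations were moved into XML
         comments (bare text inside <web-app> is not valid descriptor content and the file would
         fail DTD validation), the <http-method> restriction was dropped so the constraint covers
         every HTTP method, and the transport guarantee was raised from NONE to CONFIDENTIAL
         because BASIC sends the password merely base64-encoded. -->
    <!DOCTYPE web-app PUBLIC
    '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'
    'http://java.sun.com/dtd/web-app_2_3.dtd'>
    <web-app>
      <!-- Name of the web component. -->
      <display-name>WebAppTest</display-name>
      <servlet>
        <servlet-name>webtest</servlet-name>
        <display-name>webtest</display-name>
        <!-- JSP backing this servlet. NOTE(review): no <servlet-mapping> is declared for it;
             the constraint below matches the URL /webtest.jsp directly, so the JSP is still
             protected when requested by path. -->
        <jsp-file>/webtest.jsp</jsp-file>
      </servlet>
      <session-config>
        <!-- Idle session lifetime in minutes. -->
        <session-timeout>30</session-timeout>
      </session-config>
      <!-- Security constraint: which URLs are protected, who may reach them, and how. -->
      <security-constraint>
        <!-- The set of constrained web resources. -->
        <web-resource-collection>
          <web-resource-name>WRCollection</web-resource-name>
          <url-pattern>/webtest.jsp</url-pattern>
          <!-- No <http-method> elements on purpose: the constraint then applies to every
               method. Listing only GET and POST (as the original did) leaves HEAD, PUT,
               DELETE, OPTIONS, TRACE etc. on the same URL unauthenticated (HTTP verb tampering). -->
        </web-resource-collection>
        <!-- Only authenticated users holding this role are authorized. -->
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>
        <user-data-constraint>
          <!-- CONFIDENTIAL forces HTTPS for the protected URL; with NONE the BASIC
               Authorization header (base64 of user:password) crosses the wire in clear. -->
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <!-- Authentication method. -->
      <login-config>
        <!-- HTTP BASIC: the browser prompts for user name and password on each new session. -->
        <auth-method>BASIC</auth-method>
        <!-- Realm string shown in the browser prompt; left empty as in the original. -->
        <realm-name></realm-name>
      </login-config>
      <!-- Declares the role referenced by <auth-constraint>. -->
      <security-role>
        <description>this is a user</description>
        <role-name>user</role-name>
      </security-role>
    </web-app>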