<security-constraint>
    <web-resource-collection>
        <web-resource-name>protected</web-resource-name>
        <description>用户登陆保护</description>
        <url-pattern>/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>manager</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
    </form-login-config>
</login-config>
The above is the login configuration...
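
An added example (not code from this thread): a small Python audit of a web.xml like the fragment posted above. It reports a role used in <auth-constraint> without a <security-role> declaration, a constraint narrowed by <http-method>, and FORM or BASIC login on a constraint without a CONFIDENTIAL transport guarantee. The function name audit_web_xml, the <web-app> wrapper around the sample and the finding strings are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Added example. Constructed sample: the post's fragment wrapped in a <web-app> root.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""


def audit_web_xml(xml_text):
    """Return a sorted list of findings for a web.xml document."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip XML namespaces so plain tag paths match
        el.tag = el.tag.rsplit("}", 1)[-1]
    # Wildcard role names ("*", "**") need no <security-role> declaration.
    declared = {"*", "**"} | {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    method = (root.findtext("login-config/auth-method") or "").strip()
    findings = set()
    for sc in root.findall("security-constraint"):
        where = ",".join((p.text or "").strip()
                         for p in sc.findall("web-resource-collection/url-pattern"))
        for role in sc.findall("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name not in declared:
                findings.add(f"{where}: role '{name}' has no <security-role> declaration")
        # Listing methods restricts the constraint to them; the rest stay open.
        if sc.find("web-resource-collection/http-method") is not None:
            findings.add(f"{where}: <http-method> listed, other HTTP methods are not covered")
        # Without CONFIDENTIAL the container does not force the login onto TLS.
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if method in ("FORM", "BASIC") and guarantee != "CONFIDENTIAL":
            findings.add(f"{where}: {method} login without CONFIDENTIAL transport guarantee")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE):
        print(finding)
```
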
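This uses Tomcat's form authentication. I only know the basic usage and haven't studied it in depth, so I can't help you.
No idea what this is about.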
1. request.getRemoteUser();
2. request.getUserPrincipal().getName();

As for getting the logged-in user's password: since the password is managed by the Servlet container, there is no ready-made method for it in the Servlet API. Below is a rather crude way of obtaining the login password through reflection, for reference (it runs correctly in Tomcat).

import java.io.IOException;
import java.lang.reflect.Method;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FormAuth extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The container has already authenticated the caller; read the identity from the request.
        Principal principal = request.getUserPrincipal();
        System.out.println("Username: " + request.getRemoteUser());
        System.out.println("Username: " + principal.getName());
        System.out.println("Password: " + getPrincipalPassword(principal));
        request.setAttribute("login", principal.getName());
        getServletContext().getRequestDispatcher("/security/success.jsp").forward(request, response);
    }

    // Calls a public getPassword() method on the container's Principal implementation
    // via reflection; returns null if the method is missing or the call fails.
    private String getPrincipalPassword(Principal principal) {
        Class<? extends Principal> clazz = principal.getClass();
        String password = null;
        try {
            Method method = clazz.getMethod("getPassword", new Class[0]);
            if (method != null) {
                Object obj = method.invoke(principal, new Object[0]);
                if (obj != null) {
                    password = (String) obj;
                }
            }
        } catch (Exception e1) {
            e1.printStackTrace();
        }
        return password;
    }
}

With this kind of authentication you don't need to store the user name and the like in the session; the container manages it. After one successful authentication, you can get the user name from the request from then on. To log out, invalidate the session:
request.getSession().invalidate();