使用Tomcat实现页面访问控制
使用Tomcat实现页面访问控制主要有三种方式:引用
[*]使用JDBCRealm利用数据库控制
[*]使用JNDIRealm利用远程访问控制
[*]使用MemoryRealm利用tomcat-users.xml文件控制
一、使用JDBCRealm利用数据库控制
1.The meaning of the attributes is as follow:
attributeMeaningdriverName The name of the driver needed to connect to the databaseconnectionURL The connection URL used to connect to the databaseuserTable The user's tablesuserNameCol The column in the user's table that contains the nameuserCredCol The column in the user's table that contains the passworduserRoleTable The user's roles tableroleNameCol The column in the user's table that contains a role given to a userconnectionName The name to use when connecting to the database. (Optional)connectionPassword The password to use when connecting to the database. (Optional)digest The algorithm used for digest passwords or "No" for plain passwords, the values can be "MD5", "MD2", "SHA", etc... (Optional)
2.server.xml文件配制
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/globalapp"
connectionName="root" connectionPassword="x"
roleNameCol="role_name" userCredCol="user_pass"
userNameCol="user_name" userRoleTable="user_roles"
userTable="users" debug="50"/>
引用
connectionURL、connectionName、connectionPassword不能拼在一起使用一个符串,虽然Tomcat doc上使用的是这种方法,但试了很多次都没能成功。具体原因不详。如果有高手解决还望说明一下。
3.web.xml文件配制
<security-constraint>
<web-resource-collection>
<web-resource-name>Global App</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<!-- 这是FORM验证 -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Global App DIGEST</realm-name>
<form-login-config>
<form-login-page>/accessConsole/login.jsp</form-login-page>
<form-error-page>/accessConsole/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
The role that is required to log into the Global application
</description>
<role-name>admin</role-name>
</security-role>
4.数据库表建设
create table users (
user_name varchar(15) not null primary key,
user_pass varchar(15) not null
);
create table user_roles (
user_name varchar(15) not null,
role_name varchar(15) not null,
primary key (user_name, role_name)
);
insert into users values("xwood", "xwood");
insert into user_roles values("xwood", "admin");
这里除了采用FORM验证外还可以采用BASIC验证,别外还有一种客户端证书验证方法没有用过。采用BASIC验证方法只需要将<form-login-config>标签去掉即可。
二、使用JNDIRealm利用远程访问控制
引用
还未具体研究
三、使用MemoryRealm利用tomcat-users.xml文件控制
1.server.xml配置
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
<Realm className="org.apache.catalina.realm.MemoryRealm"
resourceName="UserDatabase"/>
其中,UserDatabase在server.xml中已经完成配置
2.tomcat-users.xml配置
<role rolename="admin"/>
<role rolename="user"/>
<user username="xwood" password="xwood" roles="admin"/>
3.web.xml配置
引用
与JDBCRealm相同
页:
[1]