|
WEB.ML配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<description>
Role that can view session attribute values
</description>
<param-name>attribute.value.role</param-name>
<param-value>manager</param-value>
</context-param>
<security-constraint>
<web-resource-collection>
<web-resource-name>Stat User URLs</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Stat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Stat</realm-name>
</login-config>
<!--Security roles referenced by this web application -->
<security-role>
<role-name>Stat</role-name>
</security-role>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
Tomecat-----conf-----tomcat-users.xml 配置
<?xml version='1.0' encoding='cp936'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users>
<user name="admin" password="" roles="admin,manager" />
<role rolename="tomcat"/>
<role rolename="Stat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="stat" password="iamadmin" roles="Stat"/>
</tomcat-users>
---------------------------------------------------------------------------------------------------------------------------------
补充
配置servlet映射关系:
<web-app>
......
<servlet>
<servlet-name>ServletName</servlet-name>
<servlet-class>com.jj.ServletClass</servlet-class>
<!-- servlet初始化参数 -->
<init-param>
<param-name>parameterName</param-name>
<param-value>parameterValue</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ServletName</servlet-name>
<url-pattern>/*.do</url-pattern>
</servlet-mapping>
......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
配置监听器:
<web-app>
........
<listener>
<listener-class>com.jj.MyServletContextListener</listener-class>
</listener>
........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
设置session超时:
<web-app>
........
<session-config>
<!-- 以分钟为单位 -->
<session-timeout>15</session-timeout>
</session-config>
........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
配置应用上下文参数:
<web-app>
........
<context-param>
<param-name>parameterName</param-name>
<param-value>parameterValue</param-value>
</context-param>
........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
禁用scriptlet:
<web-app>
........
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<scripting-invalid>true</scripting-invalid>
</jsp-property-group>
</jsp-config>
........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
忽略EL表达式语言:
<web-app>
........
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<el-ignored>true</el-ignored>
</jsp-property-group>
</jsp-config>
........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
EL函数配置:
TLD(标记库描述文件):
<taglib>
<uri>DiceFunctions</uri>
<function>
<name>rollIt</name>
<function-class>foo.DiceRoller</function-class>
<function-signature>
int rollDice()
</function-signature>
</function>
</taglib>
有函数的类:
package foo;
public class DiceRoller{
public static int rollerDice(){
return (int)((Math.random()*6)+1);
}
}
JSP中调用
<%@ tiglib prefix="mine" uri="DiceFunctions" %>
<html><body>
${mine:rollIt()}
</body></html>
---------------------------------------------------------------------------------------------------------------------------------
定制错误页面:
根据异常类型定制错误页面:
<web-app>
......
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.jsp</location>
</error-page>
......
</web-app>
根据HTTP状态码定制错误页面:
<web-app>
......
<error-page>
<error-code>404</error-code>
<location>/error.jsp</location>
</error-page>
......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
定制标记:
tld:
<taglib>
......
<tag>
<name>loop</name>
<tag-class>com.pandajj.tag.LoopTag</tag-class>
<!-- 四个值可选:empty,scriptless,tagdependent,JSP -->
<body-content>JSP</body-content>
<attribute>
<name>times</name>
<required>true</required>
<rtexpralue>true</rtexpralue>
</attribute>
</tag>
......
</taglib>
---------------------------------------------------------------------------------------------------------------------------------
定制欢迎页面:
<web-app>
......
<welcome-file-list>
<welcome-file>hello.html</welcome-file>
</welcome-file-list>
......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
EJB相关和MIME映射:
<web-app>
......
<!-- 本地Bean的引用 -->
<ejb-local-ref>
<ejb-ref-name>ejb/customer</ejb-ref-name>
<ejb-ref-type>Entity</ejb-ref-type>
<local-home>com.jj.CustomerHome</local-home>
<local>com.jj.Customer</local>
</ejb-local-ref>
<!-- 远程Bean的引用 -->
<ejb-ref>
<ejb-ref-name>ejb/LocalCustomer</ejb-ref-name>
<ejb-ref-type>Entity</ejb-ref-type>
<home>com.jj.CustomerHome</home>
<remote>com.jj.Customer</remote>
</ejb-ref>
<!-- 声明应用的JNDI环境项 -->
<env-entry>
<env-entry-name>rates/discountRate</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>10</env-entry-value>
</env-entry>
<!-- 配置扩展名和MIME类型之间的映射 -->
<mime-mapping>
<extension>mpg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
过滤器映射:
<web-app>
......
<filter>
<filter-name>FilterName</filter-name>
<filter-class>com.jj.FilterClass</filter-class>
<init-param>
<param-name>parameterName</param-name>
<param-value>parameterValue</param-value>
</init-param>
</filter>
<!-- 声明相应URL模式的过滤器映射 -->
<filter-mapping>
<filter-name>FilterName</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!-- 声明对应servlet名的过滤器映射 -->
<filter-mapping>
<filter-name>FilterName</filter-name>
<servlet-name>ServletName</servlet-name>
</filter-mapping>
......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
授权:
<web-app>
......
<security-role>
<!-- 对应Tomcat的tomcat-users.xml中设置的角色名 -->
<role-name>admin</role-name>
</security-role>
<login-config>
<!-- 四种方式可选 -->
<auth-method>BASIC</auth-method>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Security</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<!-- 数据在传输过程中不被别人看到 -->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
四种认证类型:
BASIC:HTTP规范,Base64
<web-app>
......
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
......
</web-app>
DIGEST:HTTP规范,数据完整性强一些,但不是SSL
<web-app>
......
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
......
</web-app>
CLIENT-CERT:J2EE规范,数据完整性很强,公共钥匙(PKC)
<web-app>
......
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
......
</web-app>
FORM:J2EE规范,数据完整性非常弱,没有加密,允许有定制的登陆界面。
<web-app>
......
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
......
</web-app>
登陆页面表单的action,用户名,密码要用统一的名字:
<form action="j_security_check">
<input type="text" name="j_username" />
<input type="password" name="j_password" />
<input type="submit" value="enter" />
</form> | 
QQ群⑧:
窥视卡
雷达卡
发表于 2017-1-24 09:18:18
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡