[英]Tomcat 7 realm configuration for form based authentication
I am quite new to Java EE and was starting out with tomcat. 我对Java EE还是很陌生,并且从tomcat开始。 I am developing a small task application with PrimeFaces. 我正在使用PrimeFaces开发一个小型任务应用程序。
The application has a main page and admin area which is protected by the web.xml file. 该应用程序具有主页和管理区域,该区域由web.xml文件保护。 When i develop the login page according to guidelines posted here http://docs.oracle.com/cd/E19159-01/819-3669/bncby/index.html . 当我根据http://docs.oracle.com/cd/E19159-01/819-3669/bncby/index.html中发布的指南开发登录页面时。 I cannot login although I have configured the realm properly. 尽管我已经正确配置了领域,但是我无法登录。
I read this post on JSP web application form based authentication in tomcat which is exactly the problem I have. 我在基于Tomcat的JSP Web应用程序表单身份验证上阅读了这篇文章,这正是我遇到的问题。 But I am not using Eclipse. 但是我没有使用Eclipse。
These are my codings and XML configuration files. 这些是我的编码和XML配置文件。
The login.jsp page login.jsp页面
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Log In</title>
</head>
<body>
<form method="post" action="j_security_check">
<p>Username</p>
<input type="text" name="j_username" />
<p>Password</p>
<input type="password" name="j_password" />
<p></p>
<input type="submit" value="Submit" /> <input type="reset"
value="reset" />
</form>
</body>
</html>
The web.xml file web.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>ToDoApplication</display-name>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<!-- JSF Mapping -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Main Login Auth</display-name>
<web-resource-collection>
<web-resource-name>Restricted Access</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>management</role-name>
</security-role>
<security-role>
<role-name>sales</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
This is my server.xml in tomcat/conf folder. 这是我的tomcat / conf文件夹中的server.xml。
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8081
-->
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<!-- Edited by Me while adding support to JDBC database configuration -->
<context path="/ToDoApplication" privileged="true" reloadable="true" cookies="true" debug="true">
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost/todo?user=tomcat&password=tomcat"
userTable="users" userNameCol="username" userCredCol="password"
userRolesTable="user_roles" roleNameCol="rolename"/>
</context>
<!-- Editing finished -->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
This is how I have prepared the database tables, database is called 'todo'. 这就是我准备数据库表的方式,数据库称为“ todo”。
mysql> SELECT * FROM users;
+----------+----------+
| username | password |
+----------+----------+
| lal | lal |
| lala | lala |
| mad | mada |
| nalaka | nalaka |
+----------+----------+
4 rows in set (0.00 sec)
mysql> SELECT * FROM user_roles;
+----------+------------+
| username | rolename |
+----------+------------+
| lal | sales |
| lala | management |
| lala | sales |
| mad | admin |
| nalaka | sales |
+----------+------------+
5 rows in set (0.00 sec)
I have to use user mad to login because in the web.xml file I have specified the role as admin to login to the admin area. 我必须使用用户疯狂登录,因为在web.xml文件中我指定的角色为管理员登录到管理区。 When I use the username and password as mad and mada respectively, I get redirected to the error page. 当我分别使用用户名和密码mad和mada时,我将重定向到错误页面。 And the URL is appended with j_security_check like this. URL像这样附加j_security_check。
http://localhost:8081/ToDoApplication/admin/j_security_check
The database user tomcat has SELECT privileges for the todo database. 数据库用户tomcat对todo数据库具有SELECT特权。 The tomcat guide mentioned that since the tomcat server wont be writing to the database, the user must at least have read privileges. tomcat指南提到,由于tomcat服务器不会写入数据库,因此用户至少必须具有读取特权。
错误发生在server.xml的“ userRolesTable”中,应为“ userRoleTable”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.