Java Web应用程序,tomcat 6
[英]Java Web application ,tomcat 6
问题描述
I have my web.xml like this I have added a tag <login-config> at the end 
我有这样的web.xml,我在末尾添加了一个标签<login-config>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>LoginRemote</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<description></description>
<display-name>remoteSample</display-name>
<servlet-name>remoteSample</servlet-name>
<servlet-class>com.src.remoteSample</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>remoteSample</servlet-name>
<url-pattern>/remoteSample</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
</web-app>
and my server is tomcat 6 i have made tomcatAuthenication as "false" 我的服务器是tomcat 6,我将tomcatAuthenication设置为“ false”
<Connector connectionTimeout="20000" port="9000" protocol="HTTP/1.1" redirectPort="8443" />
and then my Servlet is this i get a null for request.getRemoteUser() and request.getAuthType() what should i do to get the client's username to a remote machine? 然后我的Servlet是这个,我得到了request.getRemoteUser()和request.getAuthType()的null ,我应该怎么做才能将客户端的用户名获取到远程计算机?
package com.src;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class remoteSample extends HttpServlet {
private static final long serialVersionUID = 1L;
public remoteSample() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.setContentType("text/html;charset=UTF-8");
System.out.println("login info:"+request.getHeader("Authentication"));
System.out.println("Authentication type:"+request.getAuthType());
//printWriter.println(""+ServiceContextHolder.getContext().getAuthentication().getName());
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
}
1 个解决方案
解决方案1
0 2015-02-05 08:10:48
Adding login-config alone is not enough. 仅添加login-config是不够的。 You're missing two things: 您缺少两件事:
The value of
tomcatAuthenticationshould definitely betrue, otherwise Tomcat assumes that authentication is done by another service (eg Apache HTTP) and therefore doesn't try to perform any sort of authentication.tomcatAuthentication的值tomcatAuthentication绝对为true,否则Tomcat假定身份验证是由另一个服务(例如Apache HTTP)完成的,因此不会尝试执行任何类型的身份验证。You also have to tell Tomcat which resources require authentication and which don't.
您还必须告诉Tomcat哪些资源需要身份验证,哪些不需要身份验证。 For that, you should add something like this to your web.xml: 为此,您应该在web.xml中添加以下内容:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
There's a tutorial that shows how you can also add a custom page for prompting users for authentication and to ensure that Tomcat always does it over https. 有一个教程显示如何还可以添加自定义页面以提示用户进行身份验证,并确保Tomcat始终通过https进行操作。
Also, if you choose to use BASIC authentication then another way to solve this problem is by inspecting the value of the Authentication header by calling request.getHeader("Authentication") and extracting the user information directly from the Base64-encoded string that appears after "BASIC". 另外,如果您选择使用BASIC身份验证,那么解决此问题的另一种方法是通过调用request.getHeader("Authentication")来检查Authentication标头的值,然后直接从出现在后面的Base64编码的字符串中提取用户信息。 “基本”。 However, note that when Tomcat processes the authentication, it also removes the Authorization header from the request, meaning that you can use this approach as an alternative to the having Tomcat handle the authentication but not in conjunction with it. 但是,请注意,当Tomcat处理身份验证时,它还会从请求中删除Authorization标头,这意味着您可以使用此方法代替让Tomcat处理身份验证,但不能与身份验证结合使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.