堆栈内存溢出
  简体   繁体   English

登录表单到tomcat中受保护的应用程序

[英]Login form to an a secured app in tomcat

 原文  2010-01-25 15:20:09       java/ security/ apache/ tomcat/ login

问题描述

I have a normal HTML page in a normal Apache http server ( http://yyy.yyy.yyy.yyy/index.html ), with an authentication form, with that form I need to access with the credentials to an application located in other server with diferent IP , that server have a secured application with tomcat: here is the login form in the apache http server: 我在普通的Apache http服务器( http://yyy.yyy.yyy.yyy/index.html )中具有普通的HTML页面,带有身份验证表单,该表单需要使用凭据访问位于其他具有不同IP的服务器,该服务器具有受保护的具有tomcat的应用程序:这是apache http服务器中的登录表单: 

<form method="POST" id="theForm" 
      action="http://xxx.xxx.xxx.xxx:8080/securedapp/j_security_check">
  <input name="j_username" type="text" class="tx_form" id="j_username" size="20" />
  <input name="j_password" type="password" class="tx_form" id="textfield2" size="20" />
  <input name="btn" type="submit" value="login" />
</form>

the submit only works random in chrome and dont work in IE and FF. 提交仅适用于chrome浏览器,不适用于IE和FF。 im doing something wrong? 我做错了什么?

2 个解决方案

解决方案1
 0  2010-01-25 15:31:11

You are missing a submit button. 您缺少提交按钮。 Chrome sends the values even without submit button when you press enter. 当您按Enter键时,即使没有提交按钮,Chrome也会发送这些值。 Firefox and IE don't. Firefox和IE不会。

If you don't want the sumbit button (not recommended), you could try something like 如果您不希望使用sumbit按钮(不推荐),则可以尝试类似 

<input type='text' name='bla' onKeyDown="if (window.event.keyCode==13) this.form.submit();">

解决方案2
 0  2010-05-06 09:57:14

I recommend installing tamperdata in firefox and then click the "start tamper" button in the tamperdata window. 我建议在firefox中安装篡改数据 ,然后在篡改数据窗口中单击“启动篡改”按钮。 Click submit on the forum and then "tamper" the request. 单击论坛上的提交,然后“篡改”请求。 This will allow you to view and modify all of the data in a http request. 这将允许您查看和修改http请求中的所有数据。

There maybe some differences when the request is sent from a remote server vs locally. 从远程服务器与本地发送请求时,可能会有一些差异。 For one the "referer" will be different and some applications check this as a form of CSRF protection. 对于一个“引荐”而言,它会有所不同,某些应用程序将此作为CSRF保护的一种形式进行检查。 Another thing to keep an eye out for is missing get/post variables, you might have forgotten something or it maybe modified with javascript. 需要注意的另一件事是缺少get / post变量,您可能已经忘记了某些内容,或者可能使用javascript对其进行了修改。 Finley make sure that the content-type of the request is the same. Finley确保请求的content-type相同。

This is how you change the content type of a post request: 这是您更改发布请求的内容类型的方式: 

<form action="http://xxx.xxx.xxx.xxx:8080/securedapp/j_security_check"
    enctype="multipart/form-data"
    method="post">

Another option is to use Wireshark to capture the http reqeusts generated by chrome/ie/firefox. 另一种选择是使用Wireshark捕获由chrome / ie / firefox生成的http请求。 You can use a diff tool like Meld to compare packets. 您可以使用像Meld这样的差异工具来比较数据包。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring + Tomcat-在表单登录中禁用前置的应用程序模块名称 - Spring + Tomcat - Disable prepended app module name in form-login 将 CSRF 令牌添加到 RestTemplate 获取通过表单登录保护的页面的请求 - Add CSRF Token to RestTemplate Get Request for Page Secured by Form Login 由KERBEROS保护的Java应用 - Java app secured by KERBEROS jdbc领域,form-login-config,Tomcat和db连接错误 - jdbc realm, form-login-config, Tomcat and db connection error tomcat 8安全基于表单的身份验证自动登录 - tomcat 8 security Form based authentification auto-login 如何基于表单的身份验证(tomcat领域),如何强制tomcat始终将第一个请求重定向到登录页面 - how to force tomcat to always redirect the 1st request to login page in case of form based authentication(tomcat realm) WildFly 13 Web应用程序未显示登录表单 - WildFly 13 web app not showing login form 使用 Apache httpd 2.4.6 和 Tomcat 8 配置安全的 websockets - Configure secured websockets using Apache httpd 2.4.6 and Tomcat 8 Tomcat登录问题 - Tomcat login issue 登录后显示403 tomcat - 403 tomcat after login
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM