
Form authentication with Tomcat

I am trying to implement form-based authentication with Tomcat. All my secured servlets are mapped under mydomain/myapp. I am able to secure this directory by following the basic tutorials and specifying the login and login_failed pages.

My problem is that I want an unsecured mydomain/index.html that contains the username/password forms so that a visitor can log in from there. My best attempt so far doesn't work:

<form method="POST" action="myapp/">
  Username: <input type="text" name="j_username"> <br/> 
  Password: <input type="password" name="j_password">
  <input type="submit" value="Login">
</form>

Any suggestions?

Edit: Authentication works in the sense that if you try to access mydomain/myapp you get redirected to a login page. What I don't understand is how to allow the user to log in without first attempting to access the protected pages.

Read paragraph 13.5.3.1 of the servlet specification. It says: "In order for the authentication to proceed appropriately, the action of the login form must always be j_security_check".

So you have to change the action of your login form. It has to be j_security_check.

When a user tries to access your secured resource (securedPage.jsp), they will be taken to your login page (login.jsp, for example). They will enter user name and password, then click 'Submit'. The form will be submitted using action j_security_check. This is what the container provides. So if the login is successful, the user will be redirected to securedPage.jsp, otherwise he will be redirected to the error page, that you also have

In the web.xml where you declare the security, you should declare it for both the secured resource and the open resource.

Just when declaring the open resource, you don't write the 'auth-constraint' tags.

For example, the secured resource:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>restricted</web-resource-name>
        <url-pattern>/*</url-pattern>           
    </web-resource-collection>

    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

And for the open resource:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>open</web-resource-name>
        <url-pattern>/path/to/open/resource</url-pattern>           
    </web-resource-collection>
</security-constraint>
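
The pieces the answers above describe, put together in one deployment descriptor. This is an added example, not part of the original question or answers; the page names /login.jsp and /login_failed.jsp, the open path /index.html, the realm name and the role name `user` are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Page names, role name and realm name are assumptions. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

    <!-- Protected: everything in the application requires an authenticated role. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Open: no auth-constraint element, so no login is required. The exact
         path is a better match than /*, so this constraint applies to it. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>open</web-resource-name>
            <url-pattern>/index.html</url-pattern>
        </web-resource-collection>
    </security-constraint>

    <!-- FORM login: the container serves login.jsp when an unauthenticated
         request hits a protected URL. The form in login.jsp must be:
           <form method="POST" action="j_security_check">
             <input type="text" name="j_username">
             <input type="password" name="j_password">
             <input type="submit" value="Login">
           </form> -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myapp</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login_failed.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <!-- Roles that "*" in the auth-constraint expands to. -->
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
```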
