[英]Using Basic Authentication (htaccess) to restrict access to a specific URL
I need to restrict access to a particular URL, eg http://mydomain.com/this/is/the/url on my webserver using Basic Authentication through Apache. 我需要通过Apache使用基本身份验证来限制对特定URL的访问,例如我的网络服务器上的http://mydomain.com/this/is/the/url 。 Any other URL should be openly accessible.
任何其他URL都应该是可以公开访问的。 I have seen that you can add specific rules to files using:
我已经看到您可以使用以下方法向文件添加特定规则:
<Files "mypage.html">
Require valid-user
</Files>
My problem is that all requests are routed to controllers using mod-rewrite and so I don't think that I can restrict access based on the file. 我的问题是所有请求都使用mod-rewrite路由到控制器,所以我不认为我可以根据文件限制访问。 Any ideas would be most helpful!
任何想法都会最有帮助!
In .htacess file you should put : 在.htacess文件中你应该把:
AuthType Basic
AuthName "Need to login"
AuthUserFile .htpasswd file location ;
Require user USER
//AuthName is login prompt message
//AuthUserFile is physical .htpasswd file location i.e.
C:/xampp/htdocs/basic/.htpasswd
//Require user is for a specific user i.e. the username you want to
authenticate
To generate .htpasswd file you can use : - http://www.htaccesstools.com/htpasswd-generator/ 要生成.htpasswd文件,您可以使用: - http://www.htaccesstools.com/htpasswd-generator/
I'm not sure if this would work/help, but you could specify something in your application web.xml. 我不确定这是否可行/帮助,但您可以在应用程序web.xml中指定一些内容。
<security-constraint>
<display-name>Public access</display-name>
<web-resource-collection>
<web-resource-name>PublicPages</web-resource-name>
<description>Public</description>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Secured access</display-name>
<web-resource-collection>
<web-resource-name>SecuredPages</web-resource-name>
<description>Secured pages</description>
<url-pattern>/services/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>General Access</description>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SecurePages</realm-name>
</login-config>
<security-role>
<description>General Access</description>
<role-name>*</role-name>
</security-role>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.