[英]How do I password protect an HTTP Get Request on my Apache Tomcat server?
我只想向用戶發送一些數據,前提是他們必須在其HTTP請求的標頭中正確提供用戶名和密碼。
我嘗試通過HttpServletReqest login()方法執行此操作,但是它沒有起作用。
這是我的服務器的doGet方法:
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.setContentType("application/json");
PrintWriter out = response.getWriter();
String token = "abcdef";
request.login("User", "Pass");
out.print("{\n\"Authentication Token\" : \"" + token + "\"\n}");
out.flush();
}
這是我發送的“獲取請求”的標題(通過Google Chrome的Advanced Rest Client)
Authorization: Basic VXNlcjpQYXNz //"User" "Pass" converted to Base 64 by Advanced Rest Client
但是,它總是拋出“登錄失敗” Servlet異常。
您需要在tomcat的tomcat-users.xml文件中配置用戶和角色。還需要在web.xml文件中配置URL以使用此身份驗證。給您下面的示例代碼...
tomcat-users.xml file:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="myname" password="mypassword" roles="tomcat"/>
<user username="test" password="test"/>
</tomcat-users>
web.xml file :
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
<url-pattern>/test</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.