- 浏览: 179481 次
- 性别:
- 来自: 成都
文章分类
最新评论
-
donggongai:
Blackbaby 写道mazhi4562qq 写道moist ...
openfire集成现有系统的用户表 -
Blackbaby:
mazhi4562qq 写道moistrot 写道哥们,你集成 ...
openfire集成现有系统的用户表 -
mazhi4562qq:
moistrot 写道哥们,你集成成功了吗?我这样集成之后,登 ...
openfire集成现有系统的用户表 -
dxcsingle:
哥们 我如今也遇到这个问题 能讲哈怎么处理么?
openfire集成现有系统的用户表 -
hooktoo:
该例子有很严重的问题,java没释放内存
JNative dll回调函数使用实例
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app id="tomcat-demo" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <servlet> <servlet-name>TestServlet</servlet-name> <servlet-class>test.TestServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>TestServlet</servlet-name> <url-pattern>/test</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>TestServlet requires authentication</web-resource-name> <url-pattern>/test</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> <user-data-constraint> <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE --> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <!-- BASIC,DIGEST,FORM,CLIENT-CERT--> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/login-failed.html</form-error-page> </form-login-config> </login-config> </web-app>
注:transport-guarantee的值为CONFIDENTIAL,INTEGRAL时,需要配置ssl.
login.html
<form method="POST" action="j_security_check"> <table> <tr> <td colspan="2">Login to the Tomcat-Demo application:</td> </tr> <tr> <td>Name:</td> <td><input type="text" name="j_username" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="j_password"/ ></td> </tr> <tr> <td colspan="2"><input type="submit" value="Go" /></td> </tr> </table> </form>
login-failed.html
<p> Sorry, login failed! </p>
TestServlet.java
package test; import java.io.IOException; import java.io.PrintWriter; import java.util.Enumeration; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class TestServlet extends HttpServlet { private static final long serialVersionUID = 1L; protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("Welcome '" + request.getRemoteUser() + "'"); out.println("<br/><hr/>"); Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = (String) headerNames.nextElement(); out.print("Header Name: <em>" + headerName); String headerValue = request.getHeader(headerName); out.print("</em>, Header Value: <em>" + headerValue); out.println("</em><br/>"); } out.println("<br/><hr/>"); out.println("<a href=\"logout.jsp\">Click here to log out</a>"); } }
另:这种方式是验证是基于tomcat-users.xml,当然也可以继承org.apache.catalina.realm.DataSourceRealm.DataSourceRealm
说明:j_security_check正确的说应该是JAAS验证,原理是当用户在java程序中(正确的说通过JVM)通过网络或者IO的方式访问资源时,JVM会使用java.security.manager或者其他 java验证的类做代理去访问。在访问之前jvm会检验访问者是否有权访问。那么如何确认用户是否有权访问呢?jvm会通过 java.security.policy类查找授权用户的权限。
参考:http://apps.hi.baidu.com/share/detail/963439
http://download.oracle.com/javase/1.5.0/docs/guide/security/jaas/JAASRefGuide.html
发表评论
-
FreeMarker 模板文件 路径设置
2013-09-23 16:17 15551.freemarker 模板文件路径设置 ... -
关于JVM说明的摘要
2012-03-15 15:00 928If the JVM is launched w ... -
Disabling Certificate Validation in an HTTPS Connection
2011-12-09 13:49 1159final static HostnameVerifi ... -
[Maven]eclipse中的java项目转化成java ee项目
2011-11-22 15:25 1004mvn eclipse:eclipse -Dwtp ... -
Base62
2011-11-19 11:10 1568public class Base62 { pri ... -
poi 解析excel
2011-04-06 18:13 1331package com.synnex.web.c ... -
Ant with Maven environment
2011-02-16 14:36 893<?xml version="1.0" ... -
How can I setup my BlazeDS implementation with Log4J?
2011-01-25 16:09 880Out of box BlazeDS does no ... -
windows批处理命令执行java程序
2011-01-17 23:23 1580window auto.bat文件内容: ... -
How to specify firstDayOfWeek for java.util.Calendar using a JVM argument
2011-01-14 22:47 827Question: I'm trying t ... -
收集的工具方法
2011-01-09 23:19 817package org.codehaus.jackson.ut ... -
Creating a Thread Pool with Java
2010-12-19 22:08 1108As you can see, a thread pool i ... -
JBoss-4.2.3GA配置MySQL数据库连接池
2010-07-23 10:30 13051.将mysql的JDBC驱动放到的JBOSS_HOME\se ... -
svn插件导致eclipse崩溃
2010-06-10 10:19 1149从 http://subclipse.tigris.org/u ... -
Web 开发中的调试利器--tcptrace
2010-04-16 10:41 962Web 开发中的调试利器--tcptrace -
Tomcat6 Support JTA with JOTM
2010-04-07 11:47 17971 jotm jars into tomcat6/lib ... -
Fire Workflow工作流脚本
2010-03-10 16:43 924Fire Workflow 中的七张表脚本: Orale: ... -
java实现类似函数式语言的map/filter功能
2010-03-02 23:13 1087http://www.jdon.com/jivejdon/th ... -
comet网站
2010-01-07 15:20 138http://www.lightstreamer.com/ ... -
jsp中pageEncoding、charset=utf8"、(request/response).setCharacterEncoding("utf8")
2009-11-26 09:22 3179原文地址:http://hi.baidu. ...
相关推荐
The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client authentication, via password. In public key authentication, SSH clients and ...
Moss2007下创建Form Authentication站点
Passwordless Authentication With Golang
Configuring Controller 8.2 to use Active Directory authentication
What I want to show in this book is how to use Tomcat in a production, enterprise environment. You'll see the factors that go into using Tomcat as a critical part of an open source J2EE environment, ...
NULL 博文链接:https://wcf1987.iteye.com/blog/1253254
I set up saslauthd (of Cyrus-SASL) to use PAM-MySQL for authentication and noticed some authentication mechanisms such as CRAM-MD5 don't work. Why? PAM-MySQL is licensed under GNU Public License and ...
现代云端网络攻防 Modern Authentication with Azure Active Directory for Web Applications (Developer Reference)
Learn how to use forms, authentication, and authorization control through extensions, and provide a robust, safe web experience for the client Free yourself from the SQL vs NoSQL paradigm and use ...
How do you use it effectively? How do you harness the power? And, most important, how do you get high quality, real-world applications written? From the latest Ajax effects to time-saving automation ...
How do you use it effectively? How do you harness the power? And, most important, how do you get high quality, real-world applications written? From the latest Ajax effects to time-saving automation ...
Apple鉴权芯片,与apple设备进行数据交互时使用
Do you need guidelines on how to start transforming your organization with Kubernetes and cloud native patterns? Would you like to simplify software container orchestration and find a way to grow ...
Apache Tomcat 软件是Jakarta Servlet、 Jakarta Server Pages、 Jakarta Expression Language、 Jakarta WebSocket、 Jakarta Annotations和 Jakarta Authentication 规范的开源实现 。 压缩包内容: apache-...
Arduino Webserver with Authentication Sketch
Quantum Authentication of Classical Messages with Perfect SecurityQuantum Authentication of Classical Messages with Perfect SecurityQuantum Authentication of Classical Messages with Perfect Security
This concise cookbook shows you how it's done, with 18 targeted recipes for adding leaderboards, user authentication, achievements, multiplayer games, and many other features. How do you display ...
#RESTful Web服务基本身份验证 基本身份验证是保护任何URL的最简单方法。 用户应具有服务器访问URL的权限。 这是容器管理的身份验证。 #什么是身份验证? 是识别可以访问系统的用户的过程。... 有很多方法可以实现...
and the JSSE for encryption and authentication The ways in which padding mechanisms work in ciphers and how to spot and fix typical errors An understanding of how authentication mechanisms are ...
802.1X Port-Based Authentication HOWTO 英文,包括代码....