Java Web应用程序中的用户访问级别

时间:2012-08-16 04:06:56

标签: java jsp authentication tomcat servlets

我正在尝试将用户访问级别放在My Java Web Application中。但是我输入了我在tomcat-user.xml文件中声明的正确用户名和密码它无效。它锣到loginerror页面。基本身份验证方法也不接受正确的用户名和密码。

这个tomcat-users.xml

<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

-->
<role rolename=”Admin”/>
<role rolename=”Member”/>
<role rolename=”Doctor”/>
<role rolename=”Guest”/>
<user username=”sirojan” password=”sirojan” roles=”Admin” />
<user username=”ram” password=”ram123” roles=”Member” />
<user username=”vithu” password=”newbie” roles=”Guest” />
</tomcat-users>

这是server.xml文件的一部分

<Realm className="org.apache.catalina.realm.LockOutRealm">


    <Realm className="org.apache.catalina.realm.MemoryRealm" /> 

        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
<!-- <Realm className="org.apache.catalina.realm.MemoryRealm" /> -->
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/><!--
-->      </Realm>

这是我的web.xml文件的一部分

<security-role> 
        <role-name>Admin</role-name> 
    </security-role>
    <security-role>
        <role-name>Member</role-name> 
    </security-role>
    <security-role>
        <role-name>Guest</role-name> 
    </security-role>
    <security-role>
        <role-name>Doctor</role-name> 
    </security-role>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login2.jsp</form-login-page>
            <form-error-page>/loginerror.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>AdminTasks</web-resource-name>
            <url-pattern>/Department.jsp</url-pattern>

            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Admin</role-name>
            <role-name>Member</role-name>
        </auth-constraint>

    </security-constraint>
    <error-page>
        <error-code>404</error-code>
        <location>/notFoundError.jsp</location>
    </error-page> 

</web-app>

我有什么不对吗?如果你需要进一步的评论吧。你能给出解决方案吗?

1 个答案:

答案 0 :(得分:0)

首先检查现有角色是否适合您。

为此你需要取消注释tomcat-users.xml中的角色

如果它们正在工作,并且你能够在tomcat控制台中登录,那么问题就是你的语法,

如果它们不起作用,那么你需要使用错误页面文档并检查你所做的是否正确,因为这很容易并且每次都适用于我。