我正在尝试使用web.xml和tomcat-users.xml在tomcat中保护我的管理页面,但它无效。出现登录表单但无法连接
以下是我的网站/ WEB_INF文件夹中的web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin</realm-name>
</login-config>
服务器/ tomcat / conf /文件夹中的tomcat-users.xml:
<tomcat-users>
<role rolename="manager"/>
<role rolename="tomcat"/>
<role rolename="admin"/>
<role rolename="role1"/>
<user username="manager" password="manager" roles="manager"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="admin" password="admin" roles="admin"/>
</tomcat-users>
有什么想法吗?
答案 0 :(得分:10)
可能迟到回答,但无论如何 您在web.xml中缺少角色,也不必提及领域 因此,web.xml应如下所示
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<!-- Please note following line .. its commented -->
<!-- <realm-name>Admin</realm-name> -->
</login-config>
<!-- Following section was missing -->
<security-role>
<role-name>admin</role-name>
</security-role>