我正在尝试构建一个securewebapp,如David Heffelfinger的书“使用NetBeans 6进行Java EE 5开发:使用这个流行的IDE快速轻松地开发专业企业Java EE 5应用程序”中所述。在执行最后一步(GlassFish特定安全配置)后,我尝试运行该程序。我收到以下错误消息:
deploy?DEFAULT=/home/bjorn/NetBeansProjects/securewebapp/build/web&name=securewebapp&contextroot=/securewebapp&force=true failed on GlassFish Server 3+
Error occurred during deployment: Exception while deploying the app [securewebapp] : org.xml.sax.SAXParseException; lineNumber: 28; columnNumber: 57; Deployment descriptor file WEB-INF/web.xml in archive [web]. cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.. Please see server.log for more details.
/home/bjorn/NetBeansProjects/securewebapp/nbproject/build-impl.xml:1033: The module has not been deployed.
See the server log for details.
BUILD FAILED (total time: 2 seconds)
日志文件显示:
SEVERE: DPL8015: Invalid Deployment Descriptors in Deployment descriptor file WEB-INF/web.xml in archive [web].
Line 28 Column 57 -- cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
SEVERE: DPL8005: Deployment Descriptor parsing failure : cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
SEVERE: Exception while deploying the app [securewebapp]
SEVERE: org.xml.sax.SAXParseException; lineNumber: 28; columnNumber: 57; Deployment descriptor file WEB-INF/web.xml in archive [web]. cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
有人知道如何使安全的Web应用程序正常运行吗?
修改
文件web.xml包含:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>SecureServlet</servlet-name>
<servlet-class>SecureServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SecureServlet</servlet-name>
<url-pattern>/SecureServlet</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>Admin Pages</display-name>
<web-resource-collection>
<web-resource-name>Administrative Pages</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>index.jsp</form-login-page>
<form-error-page>errorpage.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Administrator</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>User</description>
<role-name>user</role-name>
</security-role>
</web-app>
答案 0 :(得分:0)
更改您的<login-config>并将/放入文件路径。
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/errorpage.jsp</form-error-page>
</form-login-config>
编辑:基于JAAS表单的身份验证如何运作?
基于表单的身份验证的工作方式是用户首先尝试从公共可访问的资源文件(如index.jsp或home.jsp)访问受保护的资源(如/admin/admin.jsp),如果未经身份验证的话重定向到<form-login-page>(如login.jsp)。
此时的容器已保存用户尝试访问的受保护资源的URL,如果身份验证成功, 会自动将 重定向到 。如果身份验证失败,则您已知的用户将被重定向到<form-error-page>。
因此,我建议您将index.jsp重命名为login.jsp,并创建一个带有/admin/admin.jsp链接的新index.jsp。您也可以尝试直接访问admin.jsp。然后它会按你的意愿工作。