尝试执行Action时的HTTP 403

时间:2013-07-24 21:16:38

标签: jsp tomcat servlets security-constraint

我在表单上有一个动作

<form action="LoginAction.do" method="POST">
            <div id="table"
                class="ui-widget-header ui-corner-all ui-widget-content">
                <table align="center" style="width: 100%">
                    <tr>
                        <td align="center"><span
                            style="color: white; font-size: 20px;"><fmt:message
                                    key="lg" /></span></td>
                        <td align="right"><input type="text" id="login" name="login" />
                        <td>
                    </tr>
                    <tr>
                        <td align="center"><span
                            style="color: white; font-size: 20px;"><fmt:message
                                    key="paswd" /></span></td>
                        <td align="right"><input type="text" id="password"
                            name="password" /></td>
                    </tr>
                    <tr>
                        <td align="right" colspan="2"><input type="submit"
                            id="approve" style="font-size: 10px;"
                            value="<fmt:message key='enter'/>" /></td>
                    </tr>
                </table>
            </div>
        </form>

按下按钮时应执行LoginAction

HttpSession session = req.getSession();
log.debug("attempt to checkuser");
String page = req.getRequestURI();
String login = req.getParameter("login");
String password = req.getParameter("password");
loginService = new LoginServiceImpl();
if (loginService.checkExists(login, password)) {
     session.setAttribute("enterAttr", true);
     session.setAttribute("loginame", login);
     return page;
}
session.setAttribute("enterAttr", false);
return "redirect:" + page;

在ActionServet中,它应检查Action的结果,然后重定向到某个页面。

String name = getActionName(req);
Action action = (Action) factory.getAction(name, getClass()
            .getClassLoader());         
String view = action.exec(req, resp);
//router
if (view.startsWith("redirect:")) {
     resp.sendRedirect(view.substring("redirect:".length(),
                view.length()));
} else {
     getServletContext().getRequestDispatcher(
                "/WEB-INF/jsp/" + view + ".jsp").forward(req, resp);

}

但是当我尝试按下按钮时,我没有HTTP Status 403 - Access to the requested resource has been denied

问题出在哪里?与tomcat用户有什么关系?

以下是web.xml

<?xml version="1.0" encoding="Cp1251"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">

<context-param>
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
    <param-value>messages</param-value>
</context-param>

<servlet>
    <servlet-name>ActionServlet</servlet-name>
    <servlet-class>com.project.reservation.web.ActionServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>ActionServlet</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

<security-role>
    <description>Role for administrator's actions</description>
    <role-name>admin</role-name>
</security-role>

<welcome-file-list>
    <welcome-file>/main.jsp</welcome-file>
</welcome-file-list>


<security-constraint>
    <web-resource-collection>
        <web-resource-name>reservation</web-resource-name>
        <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

1 个答案:

答案 0 :(得分:2)

您正在实现自己的身份验证机制,但使用容器web.xml文件来指定安全性约束。如果我是你,我可以尝试将我的身份验证代码移动到过滤器并从web.xml文件中删除安全约束。