我正在使用Apache Tomcat开发一个Web应用程序。我已经按照指南来实现表单身份验证,但有些东西不起作用。当我尝试使用正确的凭据登录时,我收到此错误:
HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
type Status report
message The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
description The client did not produce a request within the time that the server was prepared to wait.
Apache Tomcat/8.0.0-RC5
如果我改为插入无效凭据,Tomcat会将我正确地重定向到login-failed.html页面。 这是我的Web应用程序的结构:
<webapps>
/mywebapp
/css
/html
login.html
login-failed.html
/members
members-index.html
/js
/META-INF
context.xml
/WEB-INF
web.xml
users.xml
web.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="mywebapp" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>My web app</display-name>
<description>My web app description</description>
<welcome-file-list>
<welcome-file>html/login.html</welcome-file>
</welcome-file-list>
<!-- Define the roles we want to use in the application -->
<security-role>
<role-name>member</role-name>
</security-role>
<security-constraint>
<!-- Define the resource -->
<web-resource-collection>
<web-resource-name>Members Only</web-resource-name>
<url-pattern>/html/members/*</url-pattern>
</web-resource-collection>
<!-- Only members can access this resource -->
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Use FORM security -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/html/login.html</form-login-page>
<form-error-page>/html/login-failed.html</form-error-page>
</form-login-config>
</login-config>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
users.xml文件:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="member"/>
<user username="john" password="pass" roles="member"/>
</tomcat-users>
context.xml文件:
<Context>
<Realm className="org.apache.catalina.realm.MemoryRealm"
pathname="webapps/mywebapp/WEB-INF/users.xml" />
</Context>
login.html文件:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="it" lang="it">
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
<div id="container">
<form id="login_form" method="post" action="j_security_check">
<fieldset>
<legend>Login</legend>
<ul>
<li>
<label for="username">Username:</label>
<input type="text" name="j_username" maxlength="25" />
</li>
<li>
<label for="password">Password:</label>
<input type="password" name="j_password" maxlength="32" />
</li>
</ul>
<input type="submit" value="Go" />
</fieldset>
</form>
</div>
</body>
</html>
登录失败的文件:
<h1>Login failed</h1>
members-index.html文件:
<h1>Welcome to Members Area</h1>
谢谢。