Apache Tomcat:表单身份验证时出现408错误

时间:2013-12-21 11:53:11

标签: forms tomcat authentication

我正在使用Apache Tomcat开发一个Web应用程序。我已经按照指南来实现表单身份验证,但有些东西不起作用。当我尝试使用正确的凭据登录时,我收到此错误:

HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

type Status report

message The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

description The client did not produce a request within the time that the server was prepared to wait.

Apache Tomcat/8.0.0-RC5

如果我改为插入无效凭据,Tomcat会将我正确地重定向到login-failed.html页面。 这是我的Web应用程序的结构:

<webapps>
    /mywebapp
        /css
        /html
            login.html
            login-failed.html
            /members
                members-index.html
        /js
        /META-INF
            context.xml
        /WEB-INF
            web.xml
            users.xml

web.xml文件:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="mywebapp" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <display-name>My web app</display-name>
    <description>My web app description</description>

    <welcome-file-list>
        <welcome-file>html/login.html</welcome-file>
    </welcome-file-list>

    <!-- Define the roles we want to use in the application -->
    <security-role> 
        <role-name>member</role-name> 
    </security-role>

    <security-constraint> 
        <!-- Define the resource -->
        <web-resource-collection> 
            <web-resource-name>Members Only</web-resource-name> 
            <url-pattern>/html/members/*</url-pattern> 
        </web-resource-collection> 

        <!-- Only members can access this resource --> 
        <auth-constraint> 
            <role-name>member</role-name> 
        </auth-constraint>  

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>     
    </security-constraint> 

    <!-- Use FORM security -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/html/login.html</form-login-page>
            <form-error-page>/html/login-failed.html</form-error-page>
        </form-login-config>
    </login-config>

    <session-config>
    <session-timeout>30</session-timeout>
    </session-config>

</web-app>

users.xml文件:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
    <role rolename="member"/>

    <user username="john" password="pass" roles="member"/>
</tomcat-users>

context.xml文件:

<Context>
    <Realm className="org.apache.catalina.realm.MemoryRealm" 
           pathname="webapps/mywebapp/WEB-INF/users.xml" />
</Context>

login.html文件:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"  xml:lang="it" lang="it">
<head>
    <title>Login</title> 
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
    <div id="container">
        <form id="login_form" method="post" action="j_security_check">
        <fieldset>
            <legend>Login</legend>
            <ul>
                <li>
                    <label for="username">Username:</label>
                    <input type="text" name="j_username" maxlength="25" /> 
                </li>
                <li>
                    <label for="password">Password:</label>
                    <input type="password" name="j_password" maxlength="32" /> 
                </li>               
            </ul>
            <input type="submit" value="Go" />
        </fieldset>
        </form>
    </div>
</body>
</html>

登录失败的文件:

<h1>Login failed</h1>

members-index.html文件:

<h1>Welcome to Members Area</h1>

谢谢。

0 个答案:

没有答案