为什么要调用GET而不是doPOST?

时间:2014-06-19 02:46:59

标签: jsp

我正在使用Servlet / JSP测试基于表单的安全认证。我只是直接运行servlet,它应该根据web.xml文件询问我的登录验证。但它每次只需输入doGET方法。是的,我已经做了更改,在tomcat-users.xml文件中添加“角色”'用户'。我是J2EE的新手。所以请忍受我的愚蠢问题。

这是Login.jsp 

<form method="post" action="j_security_check">
<table>
    <tr>
        <td>User name: </td>
        <td><input type="text" name="j_username"></td>
    </tr>
    <tr>
        <td>Password: </td>
        <td><input type="password" name="j_password"></td>
    </tr>
</table>`enter code here`
<input type="submit"    value="Login">  
</form>

这是Servlet:

@WebServlet("/SecurityCheck")
public class SecurityCheck extends HttpServlet {
    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        response.getWriter().println("I went to doGET");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        response.getWriter().println("success........");
    }

}

这是web.xml:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Security check</web-resource-name>
      <url-pattern>/SecurityCheck/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
      <role-name>users</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/Login.jsp</form-login-page>
      <form-error-page>/Faliure.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

1 个答案:

答案 0 :(得分:1)

您是否也在web.xml中声明了安全角色?

   <security-role>
      <role-name>users</role-name>
   </security-role>

如果你正在访问你的servlet,比如

   SecurityCheck/myServlet

您希望通过正确的登录屏幕提示?您正在通过GET方法发出资源请求(默认)。这应该添加到您的安全约束中&gt; Web资源集合标记。 

   <http-method>GET</http-method>
   <http-method>POST</http-method>

目前,如果尚未对用户进行身份验证,则只会提示SecurityCheck路径中的POST方法进行登录。

相关问题
最新问题