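Our web application is deployed on Tomcat and currently uses UserDatabaseRealm for security. We would like to provide a page in the application where users can change their password, a simple and common web application feature. I cannot find any sample servlet code that does this. The Tomcat description of UserDatabaseRealm implies that it can be updated programmatically after the XML is loaded at server startup, and that changes can also be saved back to the XML file. JMX is briefly mentioned as a means of doing this, but without details.
Our goal is to have no database in this application, so we really don't want to use a JDBC realm. What does the Java servlet code look like for changing a user's password (and, for an administrator, adding/removing users)?
Thanks for the leads provided, here is my working Tomcat MemoryUserDatabase servlet (minus any encryption, password validation, error handling, etc.):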
    // Imports for the servlet class (javax.servlet.* on Tomcat 9 and earlier,
    // jakarta.servlet.* on Tomcat 10 and later)
    import java.io.IOException;
    import java.lang.management.ManagementFactory;
    import javax.management.Attribute;
    import javax.management.MBeanServer;
    import javax.management.ObjectName;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    // Method of the HttpServlet subclass
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        try {
            // Get current password for currently authenticated user
            String username = request.getRemoteUser();
            MBeanServer server = ManagementFactory.getPlatformMBeanServer();
            ObjectName userObjName = new ObjectName("Users:type=User,username=\"" + username + "\",database=UserDatabase");
            Object password = server.getAttribute(userObjName, "password");
            // Demonstration only: this writes the clear-text password to the Tomcat log
            System.out.println("Current Password = " + password.toString());
            // Get new password from request parms and update the DB
            String newPw = request.getParameter("newpw");
            server.setAttribute(userObjName, new Attribute("password", newPw));
            // Password is updated in-memory, now write to file.
            // Note Tomcat MemoryUserDatabase.save() implementation does not synchronize this
            // operation, so it can fail badly if multiple users do this at the same time.
            // Ugh. Should do this in a static synchronized method.
            server.invoke(
                new ObjectName("Users:type=UserDatabase,database=UserDatabase"),
                "save",
                new Object[0],
                new String[0]);
            // If no exception, save was OK (it returns VOID, so there is no return value to check)
        }
        catch (Throwable t) {
            // Should return proper HTTP error code...
            t.printStackTrace(System.err);
        }
    }
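Added example, not part of the original post and not Tomcat's own code: one way to close the gaps the servlet's comments name, by serializing the `save()` call in a static synchronized method, re-checking the current password before the change, and never logging it. The class name `PasswordChanger`, the 12-character minimum and plain-text password storage are assumptions.

```java
import java.lang.management.ManagementFactory;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.management.Attribute;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;

/** Hypothetical helper (not Tomcat API): serialized password change over JMX. */
public final class PasswordChanger {
    private static final String DB = "UserDatabase"; // database name used on this page
    private static final int MIN_LENGTH = 12;        // assumed policy value
    private PasswordChanger() { }

    /**
     * Returns true if the password was changed and saved. Static synchronized,
     * so calls made through this class cannot overlap inside save().
     */
    public static synchronized boolean change(String username, String currentPw, String newPw)
            throws JMException {
        if (username == null || currentPw == null || newPw == null
                || newPw.length() < MIN_LENGTH || newPw.equals(currentPw)) {
            return false;
        }
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        // ObjectName.quote() wraps the value in quotes and escapes special characters.
        ObjectName user = new ObjectName("Users:type=User,username="
                + ObjectName.quote(username) + ",database=" + DB);
        // Re-authenticate: an open session alone should not be enough to change the password.
        // Assumes the stored password is plain text, as in the servlet above.
        Object stored = server.getAttribute(user, "password");
        if (stored == null || !MessageDigest.isEqual(
                stored.toString().getBytes(StandardCharsets.UTF_8),
                currentPw.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }
        server.setAttribute(user, new Attribute("password", newPw));
        try {
            server.invoke(new ObjectName("Users:type=UserDatabase,database=" + DB),
                    "save", new Object[0], new String[0]);
        } catch (JMException | RuntimeException e) {
            // Save failed: restore the old in-memory value so memory and file agree.
            server.setAttribute(user, new Attribute("password", stored));
            throw e;
        }
        return true;
    }
}
```

The lock only covers callers that go through this class in the same web application; other writers to the user database, such as another application using the same MBeans, are not serialized by it.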
Answer 0 (score: 0)
I just figured this out.
First, you have to update server.xml and add readonly="false" to:

    <Resource auth="Container"
              readonly="false"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              name="UserDatabase"
              pathname="conf/tomcat-users.xml"
              type="org.apache.catalina.UserDatabase"/>

Then in the JSP file:
    <%@ page import="java.util.ArrayList, javax.management.*" %>
    <%!
    public static boolean changePasswd(String user, String passwd, MBeanServer mbeanServer, JspWriter out) throws Throwable {
        try {
            String userFDN = "Users:type=User,username=\"" + user + "\",database=UserDatabase";
            ObjectName userObjName = new ObjectName(userFDN);
            // Throws InstanceNotFoundException if no such user MBean is registered
            MBeanInfo info = mbeanServer.getMBeanInfo(userObjName);
            // Update the password in memory
            Attribute attr = new Attribute("password", passwd);
            mbeanServer.setAttribute(userObjName, attr);
            // Write the in-memory user database back to the XML file
            ObjectName databaseObjName = new ObjectName("Users:type=UserDatabase,database=UserDatabase");
            Object result = mbeanServer.invoke(databaseObjName, "save", new Object[0], new String[0]);
            out.println("<b>Changed password and, Saved: " + result + "</b>");
            return true;
        } catch (Throwable t) {
            out.print("<font color='red'>WHY: </font>" + t);
        }
        return false;
    }
    %>
    <%
    //ObjectName obname = new ObjectName( "Catalina:type=Resource,resourcetype=Global,class=org.apache.catalina.UserDatabase,name=\"UserDatabase\"" );
    // Use the first MBeanServer registered in this JVM
    ArrayList list = MBeanServerFactory.findMBeanServer(null);
    MBeanServer mbeanServer = (MBeanServer) list.get(0);
    changePasswd("user", "passwd", mbeanServer, out);
    %>