我尝试使用web.xml和tomcat-users.xml在tomcat中保护我的网络应用程序,但它无效。我使用正确的登录名和密码收到401错误。
我的web.xml安全部分:
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myuser</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>myuser</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
我的tomcat-users.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="myuser"/>
<role username="myuser" password="myuser" role="myuser"/>
</tomcat-users>
答案 0 :(得分:1)
我认为它错过了http-methods,因此您可以尝试添加此内容:
<http-method>GET</http-method>
<http-method>POST</http-method>
<url-pattern>/*</url-pattern>代码后
<强>更新
更新您的tomcat-users.xml文件,将其更改:
<role username="myuser" password="myuser" role="myuser"/>
为此:
<user username="myuser" password="myuser" role="myuser"/>