身份验证成功后,我的Tomcat Webapp会限制资源

时间:2019-04-15 15:28:30

标签: authentication tomcat ldap tomcat8

我正在tomcat8实例(在Docker容器内)中构建基本的Web应用程序。我已经能够针对我的ldap服务器成功配置具有基本身份验证的应用程序,但是,切换到基于表单的身份验证会提示我进行登录/通过,但是在提供正确的凭据后,资源仍然受到限制。 / p>

在我的App / WEB-INF / web.xml中,我能够成功设置基本身份验证。这意味着我的LDAP JNDI领域的server.xml配置已正确配置。但是,一旦我使用登录/错误jsp页面切换到基于表单的表单,在进行身份验证后,我将不再获得访问权限。

myApp / WEB-INF / web.xml 

    <servlet>
        <servlet-name>My Application</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
          <param-name>javax.ws.rs.Application</param-name>
          <param-value>com.company.MyApplication</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>My Application</servlet-name>
        <url-pattern>/myApp/*</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>TheApplication</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>app-user</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>app-user</role-name>
    </security-role>

    <!-- This works!! -- Basic Auth config -->
<!--    <login-config> -->
<!--        <auth-method>BASIC</auth-method> -->
<!--        <realm-name>LDAP Realm</realm-name> -->
<!--    </login-config> -->

    <!-- Non-working Form-Based Auth config -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>LDAP Realm</realm-name>
        <form-login-config>
            <form-login-page>/loginTest.jsp</form-login-page>
            <form-error-page>/loginerrorTest.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

myApp / loginTest.jsp 

<form method="POST" action="j_security_check">
<table>
    <tr>
        <td colspan="2">Login to the Tomcat-Demo application:</td>
    </tr>
    <tr>
        <td>Name:</td>
        <td><input type="text" name="j_username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="j_password"/></td>
    </tr>
    <tr>
        <td colspan="2"><input type="submit" value="Go" /></td>
    </tr>
</table>
</form>

myApp / loginerrorTest.jsp 

<p>
Invalid Login
</p>

网页:/ myApp / dashboard /提示我输入loginTest.jsp,我可以登录。但是,我没有看到仪表板页面,而是从tomcat收到了“ 404 Not Found”错误消息:

Type Status Report

Message /myApp/dashboard/

Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

0 个答案:

没有答案
相关问题
最新问题