Summary & open questions:
Configuring Digest authentication in Tomcat is relatively simple, but a few points need attention:
1. When using a JDBC Realm, the user-name column must have exactly the same name in the users table and in the user-roles table (the Realm is configured with a single userNameCol).
2. When using Digest authentication, according to Tomcat's documentation it seems the database can only hold cleartext passwords (untested). (Note that HTTP digest authentication is different from the storage of password digests in the repository for user information as discussed above.)
3. It seems there is no way to set different authentication methods for different paths.
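The distinction in point 2 is easier to see with the RFC 2617 arithmetic written out. The following is an added example, not code from the post or from Tomcat: it computes a client's Digest response and then verifies it on the server side from two kinds of stored value, the cleartext password (the post's setup) and HA1 = MD5(username:realm:password). A store that only holds MD5(password), i.e. a "password digest in the repository", cannot produce either. The realm name is the one the post's web.xml declares and the user matches its auth.sql; the nonce and cnonce strings are constructed placeholders. Whether the author's Tomcat 6.0.29 JDBCRealm accepts a stored HA1 is not something the post tests, so that is left open here.

```python
import hashlib
import hmac

# Constructed sample values for the walkthrough (not from the post). The realm
# name is the one the post's web.xml declares; the user and password match the
# post's auth.sql. Nonce/cnonce are fixed made-up strings so the run is
# deterministic; a real server issues a fresh nonce with every challenge.
REALM = "Digest Authentication"
USERNAME = "zhang3"
PASSWORD = "123456"
METHOD, URI = "GET", "/test/auth/index.html"
NONCE, NC, CNONCE = "constructed-server-nonce", "00000001", "constructed-client-nonce"


def md5hex(text: str) -> str:
    """MD5 hex digest of a UTF-8 string (RFC 2617 fixes MD5 as the algorithm)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). Every other value in the exchange is
    derived from HA1, so HA1 is all a server needs to hold per user."""
    return md5hex(f"{username}:{realm}:{password}")


def digest_response(h1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:auth:HA2)."""
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{h1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def client_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """What the browser puts in its Authorization: Digest header."""
    return digest_response(ha1(username, realm, password), method, uri, nonce, nc, cnonce)


def server_verify(stored_value: str, stored_is_ha1: bool, username: str, realm: str,
                  method: str, uri: str, nonce: str, nc: str, cnonce: str,
                  response: str) -> bool:
    """Verify a client response against what the user store holds.

    stored_is_ha1=False: the store holds the cleartext password (the post's setup).
    stored_is_ha1=True:  the store holds MD5(username:realm:password) instead.
    Either way the server recomputes the expected response and compares it in
    constant time. A store holding only MD5(password) can do neither.
    """
    h1 = stored_value if stored_is_ha1 else ha1(username, realm, stored_value)
    expected = digest_response(h1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run the verification cases and return each outcome by name."""
    resp = client_response(USERNAME, REALM, PASSWORD, METHOD, URI, NONCE, NC, CNONCE)
    common = (USERNAME, REALM, METHOD, URI, NONCE, NC, CNONCE, resp)
    return {
        "cleartext_store": server_verify(PASSWORD, False, *common),
        "ha1_store": server_verify(ha1(USERNAME, REALM, PASSWORD), True, *common),
        # MD5(password) alone, mistaken for HA1: the realm name is missing, so it fails.
        "plain_md5_store": server_verify(md5hex(PASSWORD), True, *common),
        "wrong_password": server_verify("654321", False, *common),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verified' if ok else 'rejected'}")
```

The practical consequence: if the user table must not contain cleartext, the value to store for Digest is HA1, which is tied to the realm name, so renaming the realm in web.xml invalidates every stored credential.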
Example project code:
[Tomcat Basic/Digest authentication] test.zip
An example of HTTP FORM authentication ships with the Tomcat distribution; see:
apache-tomcat-6.0.29.zip/apache-tomcat-6.0.29/webapps/examples/jsp/security/protected/login.jsp
Test environment:
apache-tomcat-6.0.29
mysql-essential-5.1.50-win32.msi
eclipse 3.5
Example project structure:
/test/src/auth.sql -- creates the schema, tables and data in MySQL
/test/WebContent/auth/index.html -- the protected test page
/test/WebContent/META-INF/context.xml -- the Realm configured in Tomcat
/test/WebContent/WEB-INF/lib/mysql-connector-java-5.1.5-bin.jar -- the JDBC driver jar the Realm uses to connect to the database
/test/WebContent/WEB-INF/web.xml -- web.xml
Steps:
1. Create the required tables and data:
auth.sql
/* mysql tested. */
create schema auth ;
/* select the schema so the tables land in "auth", which is the database the Realm's connectionURL points at */
use auth ;

create table users (
    user_name varchar(15) not null primary key,
    user_pass varchar(15) not null
);

create table user_roles (
    user_name varchar(15) not null,
    role_name varchar(15) not null,
    primary key (user_name, role_name)
);

insert into users (user_name, user_pass) values ( 'zhang3', '123456');
insert into users (user_name, user_pass) values ( 'li4', '123456');
insert into users (user_name, user_pass) values ( 'wang5', '123456');

insert into user_roles (user_name, role_name) values ( 'zhang3', 'ADMIN');
insert into user_roles (user_name, role_name) values ( 'zhang3', 'USER');
insert into user_roles (user_name, role_name) values ( 'li4', 'USER');
insert into user_roles (user_name, role_name) values ( 'wang5', 'GUEST');
2. Create the JDBC Realm
context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context>
    <!-- digest="MD5" -->
    <!-- connectionName/connectionPassword are the test setup's root account;
         a dedicated database user with only SELECT on the two tables is the
         usual choice outside a test environment -->
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="com.mysql.jdbc.Driver"
           connectionURL="jdbc:mysql://localhost:3306/auth"
           connectionName="root"
           connectionPassword="123456"

           userTable="users"
           userNameCol="user_name"
           userCredCol="user_pass"

           userRoleTable="user_roles"
           roleNameCol="role_name" />
</Context>
3. Modify web.xml as needed
web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

    <!-- Define the resources that require authentication -->
    <security-constraint>
        <display-name>Test Auth</display-name>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/auth/*</url-pattern>
            <!-- Listing http-method elements constrains only these methods;
                 any method not listed (HEAD, OPTIONS, TRACE, ...) stays
                 unprotected. Omit the list to constrain every method. -->
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ADMIN</role-name>
            <role-name>USER</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Declare the roles used by this web application -->
    <security-role>
        <role-name>ADMIN</role-name>
    </security-role>
    <security-role>
        <role-name>USER</role-name>
    </security-role>
    <security-role>
        <role-name>GUEST</role-name>
    </security-role>

    <!-- Set the authentication method -->
    <!--
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Basic Authentication</realm-name>
    </login-config>
    -->
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>Digest Authentication</realm-name>
    </login-config>
</web-app>
(Enable one login-config or the other to test Basic or Digest authentication.)
4. Run the application in Tomcat and enter the following address in the browser's URL bar to test:
Users "zhang3" and "li4" can log in, while "wang5" cannot. (The password for all three is "123456".)
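To show what the Realm from step 2 and the constraint from step 3 do with the data from step 1, here is an added example that is not part of the post and not Tomcat's code: an in-memory SQLite copy of auth.sql, the two lookups a JDBC realm runs (one against userTable, one against userRoleTable, both keyed on the single userNameCol, which is why point 1 of the summary holds), and the container's decision for the /auth/* constraint. The 401/403 split and the SQLite rewrite of the MySQL script are this example's own choices.

```python
import hmac
import sqlite3

# Constructed in-memory copy of the post's auth.sql, rewritten for SQLite
# (the post uses MySQL). Same tables, columns and rows.
AUTH_SQL = """
create table users (
    user_name varchar(15) not null primary key,
    user_pass varchar(15) not null
);
create table user_roles (
    user_name varchar(15) not null,
    role_name varchar(15) not null,
    primary key (user_name, role_name)
);
insert into users (user_name, user_pass) values
    ('zhang3', '123456'), ('li4', '123456'), ('wang5', '123456');
insert into user_roles (user_name, role_name) values
    ('zhang3', 'ADMIN'), ('zhang3', 'USER'), ('li4', 'USER'), ('wang5', 'GUEST');
"""

# Attribute values from the post's context.xml. There is a single userNameCol:
# the realm applies it to BOTH the user table and the role table.
USER_TABLE, USER_NAME_COL, USER_CRED_COL = "users", "user_name", "user_pass"
USER_ROLE_TABLE, ROLE_NAME_COL = "user_roles", "role_name"

# Roles listed in the post's web.xml <auth-constraint> for /auth/*.
ALLOWED_ROLES = frozenset({"ADMIN", "USER"})


def open_db() -> sqlite3.Connection:
    """Create the schema and rows in a fresh in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(AUTH_SQL)
    return conn


def lookup_credential(conn: sqlite3.Connection, username: str):
    # Table and column names come from trusted configuration; the username,
    # which is attacker-controlled input, is bound as a parameter.
    sql = f"select {USER_CRED_COL} from {USER_TABLE} where {USER_NAME_COL} = ?"
    row = conn.execute(sql, (username,)).fetchone()
    return None if row is None else row[0]


def lookup_roles(conn: sqlite3.Connection, username: str) -> frozenset:
    # The same userNameCol is reused against the role table. If the two tables
    # named that column differently, this query would fail (the post's point 1).
    sql = f"select {ROLE_NAME_COL} from {USER_ROLE_TABLE} where {USER_NAME_COL} = ?"
    return frozenset(r[0] for r in conn.execute(sql, (username,)))


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Cleartext comparison, matching what the post stores; constant-time anyway."""
    cred = lookup_credential(conn, username)
    return cred is not None and hmac.compare_digest(cred, password)


def check_access(conn: sqlite3.Connection, username: str, password: str,
                 allowed: frozenset = ALLOWED_ROLES):
    """Mimic the container's decision for a request matching the constraint.

    Returns (http_status, roles): 401 if the credentials fail, 403 if the user
    authenticates but holds none of the allowed roles, 200 otherwise.
    """
    if not authenticate(conn, username, password):
        return 401, frozenset()
    roles = lookup_roles(conn, username)
    return (200 if roles & allowed else 403), roles


if __name__ == "__main__":
    db = open_db()
    for user, pwd in [("zhang3", "123456"), ("li4", "123456"),
                      ("wang5", "123456"), ("li4", "bad")]:
        print(user, check_access(db, user, pwd))
```

This reproduces the post's expected result: zhang3 and li4 reach the page, while wang5 authenticates correctly but only holds GUEST, which the constraint does not list, so the container refuses the request rather than the login.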