1. web.xml 配置
<!-- 设置需要认证的范围 -->
<security-constraint>
<display-name>FORM Auth</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/test.do</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint> <role-name>tomcat</role-name> <security-role>
<!-- Set the role used by the web application-->
</security-role>
<security-role>
<role-name>role1</role-name>
</security-role>
<!-- 摘要认证方式 -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
2.tomcat-users.xml 配置,也可以在context.xml 配置 JDBC Realm
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
简单的可以用 tomcat-users.xml ,复杂点的可以用JDBC Realm
3. login.jsp
<form action="<%= response.encodeURL("j_security_check") %>" method="post">
<input type="text" name="j_username" />
<input type="password" name="j_password" />
<input type="submit" value="enter" />
</form>
HTTP form authentication method
Guess you like
Origin http://10.200.1.11:23101/article/api/json?id=327040902&siteId=291194637
Recommended
Ranking