欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

security 认证 HTTP基本认证。

程序员文章站 2024-02-09 16:02:34
...

JavaWeb基本的认证是通过分组
把用户按照权限分组(role),给每个role分配不同的操作权限

在xml中做如下配置

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="true" version="3.0">
 
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User Basic Auth</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>
  
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>User Basic Auth</realm-name>
  </login-config>
  
  
</web-app>

在Serves下的tomcat-users.xml中配置role和user

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  
  <user username="tomcat01" password="tomcat01" roles="tomcat"/>
  <user username="tomcat02" password="tomcat02" roles="tomcat"/>
  <user username="tomcat03" password="tomcat03" roles="tomcat"/>
  
  <user username="both" password="both1" roles="tomcat,role1"/>
  <user username="role1" password="role11" roles="role1"/>
</tomcat-users>

上一篇: HTTP认证之基本认证

下一篇:

推荐阅读