<login-config><auth-method>BASIC</auth-method></login-config>
web实现basic与FORM验证
在web应用中,要经常对用户的身份进行验证的,但其实TOMCAT下配合SERVLET的话,也可以实现一些简单的验证,以往
可能大家都会忽略之,现再简单总结学习之。
1、BASIC验证机制
这有点象WINDOWS集成验证机制,就是验证时弹出一个窗口,要你输入用户名和密码。做法如下
首先建立在webapps下建立目录member,下面放一个需要假设要权限才能查看的页面test.html,
然后在tomcat的\conf目录下找到tomcat-users.xml文件,在其中增加
<user username="test" password="test" roles="member"/>
这里我们定义了角色member
然后再在web.xml里,如下定义
<web-app><security-constraint> <web-resource-collection> <web-resource-name> Member Area </web-resource-name> <description> Only registered members can access this area. </description> <url-pattern>/member/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>member</role-name> </auth-constraint></security-constraint><login-config> <auth-method>BASIC</auth-method></login-config><security-role> <role-name>member</role-name></security-role></web-app>
<web-app><security-constraint> <web-resource-collection> <web-resource-name> Member Area </web-resource-name> <description> Only registered members can access this area. </description> <url-pattern>/member/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>member</role-name> </auth-constraint></security-constraint><login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login/a.html </form-login-page> <form-error-page>/login/error.html </form-error-page> </form-login-config></login-config><security-role> <role-name>member</role-name></security-role></web-app>最后设定web.xml