如果我打开示例 URL http://localhost:8080/examples/jsp/security/protected/index.jsp第一次,我将看到带有用户名和密码字段的登录表单。这种形式的 HTML 代码位于 login.jsp 文件中,但我没有看到从 index.jsp 调用它的代码。这个调用是如何完成的?
最佳答案
在对应的web.xml中定义:
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
您可以在 <tomcat>/webapps/examples/WEB-INF 中找到该文件。它利用内置的 Java EE 安全功能。上一篇security-constraint部分定义要保护的资源:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
关于java - Tomcat7安全样本如何调用login.jsp?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9033013/