我正在尝试保护 Tomcat 上的 Jersey 服务,但从浏览器访问它时遇到问题。我已经尝试了几个教程,但没有一个有正确的解决方案,所以如果您还使用过 REST,请告诉我问题出在哪里。这是我正在使用的配置文件:
网络.xml
<security-constraint>
<display-name>Security for Your Enterprise</display-name>
<web-resource-collection>
<web-resource-name>Your Enterprise web Security</web-resource-name>
<description>Redirect all to SSL</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description />
<role-name>role1</role-name>
</auth-constraint>
<user-data-constraint>
<description>Protection should be CONFIDENTIAL</description>
<transport-guarantee>INTEGRAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>role1</role-name>
</security-role>
tomcat的服务器.xml
<Connector
clientAuth="false"
minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
port="8443"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="serverkey.keystore"
keystorePass="pwd"
protocol="HTTP/1.1"
sslProtocol="TLS"
/>
tomcat 用户:
<tomcat-users>
<role rolename="role1"/>
<user
username="CN=10.0.25.21,OU=, O=, L=, ST=, C="
password="pwd" roles="role1"
/>
最佳答案
将值更改为 secret 。
关于tomcat - 保护 REST Jersey,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5565493/