java - tomcat jdbc 领域 - j_security 不重定向

<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost/db"
       connectionName="user"
       connectionPassword="password"
       allRolesMode="authOnly"
       digest="SHA" 
       userTable="app" 
       userNameCol="login" 
       userCredCol="login"
       userRoleTable="login" 
       roleNameCol="group"/>  

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>realm</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

<form action="j_security_check" method="POST">
<tr>username:<td><input type="text"     name="j_username" style="width:100px;"></td></tr>
<tr> password:<td><input type="text"     name="j_ password " style="width:100px;"></td></tr>
<tr>< input type="submit"   name="btnLogin" value="login"></td></tr>
</form>

部署后，我收到 HTTP 状态 400 - 对表单登录页面的直接引用无效

这是浏览器控制台输出..

Remote Address:::1:8080
Request URL:http://devserver:8080/testapp/j_security_check
Request Method:POST
Status Code:400 Bad Request
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,ta;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:53
Content-Type:application/x-www-form-urlencoded
Cookie:JSESSIONID=BE7C932856A7794D9C780531A29FB25F
Host:localhost:8080
Origin:http://devserver:8080
Referer:http://devserver:8080/testapp/timeout.jsp
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Form Dataview sourceview URL encoded
j_username:testuser
j_password:testuser
btnLogin:login
Response Headersview source
Connection:close
Content-Length:1054
Content-Type:text/html;charset=utf-8
Date:Fri, 27 Jun 2014 12:13:00 GMT
Server:Apache-Coyote/1.1

我还为领域启用了日志，成功登录后 j_security_check 没有重定向

Jun 27, 2014 5:42:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Not subject to any constraint
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Security checking request POST /testapp/j_security_check
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.FormAuthenticator authenticate
FINE: Authenticating username 'testuser'
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.FormAuthenticator authenticate
FINE: Authentication of 'testuser' was successful
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.FormAuthenticator authenticate
FINE: Redirecting to original 'null'
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Failed authenticate() test ??/ testapp/j_security_check

最佳答案

tomcat 中的身份验证通过质询进行。如果您尝试访问 protected 资源，Tomcat 会将您重定向到登录页面。一旦通过身份验证，它将重定向到请求的初始页面。如果您直接访问登录页面，则没有初始请求，因此会出现错误: HTTP 状态 400 - 对表单登录页面的直接引用无效

在您的情况下，要么首先尝试访问 protected 资源，要么将 landingPage 属性添加到您的身份 validator 以获得您想要的内容 ( see the documentation )

编辑:landingPage 属性仅在 Tomcat7 之后可用。

例如，在您的 context.xml 文件中:

<Context>
<Valve className="org.apache.catalina.authenticator.FormAuthenticator" landingPage="connected.jsp"/>
<Realm className="org.apache.catalina.realm.JDBCRealm"
   driverName="com.mysql.jdbc.Driver"
   connectionURL="jdbc:mysql://localhost/db"
   connectionName="user"
   connectionPassword="password"
   allRolesMode="authOnly"
   digest="SHA" 
   userTable="app" 
   userNameCol="login" 
   userCredCol="login"
   userRoleTable="login" 
   roleNameCol="group"/>
</Context>

关于java - tomcat jdbc 领域 - j_security 不重定向，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/24451777/

java - tomcat jdbc 领域 - j_security 不重定向

上一篇：unix - 改成80端口后无法访问tomcat主页

下一篇：java - 异常 org.springframework.beans.factory.CannotLoadBeanClassException : Cannot find class