Tomcat 通过数据库验证的配置方法(BASIC,FORM).

昊漫玉

　　1.Tomcat默认验证的配置 通过tomcat-user.xml进行验证
server.xml <Realm className="org.apache.catalina.realm.UserDatabaseRealm"  debug="0" resourceName="UserDatabase"/>
tomcat-user.xml <?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="user"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="derek" password="dada" roles="admin,user"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="dada" roles="admin,manager"/>
</tomcat-users>

2.配置验证,通过数据库
(用户表member:帐号字段wno,密码字段password; 权限表system_permit: 权限字段system_code)
server.xml <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="net.sourceforge.jtds.jdbc.Driver"
          connectionURL="jdbc:jtds:sqlserver://192.168.56.32:1433/testDB"
          connectionName="sa" connectionPassword="sa"
              userTable="member" userNameCol="WNO" userCredCol="Password"
          userRoleTable="system_permit" roleNameCol="system_code" />
driverName 驱动名字
connectionURL 数据库连接url
connectionName 连接的用户名
connectionPassword 连接的密码
userTable 用户表
userNameCol 用户名列
userCredCol 密码列
userRoleTable 角色表
roleNameCol 角色名字字段


一 Basic验证
Web.xml   <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Password required</realm-name>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
取得用户登陆帐号         String auth_user = null;
        String auth = request.getHeader("Authorization");
        String encoded = auth.substring(6);
        sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
        String decoded = new String(dec.decodeBuffer(encoded));
        String[] userAndPass = decoded.split(":", 2);
        auth_user = userAndPass[0];
        session.setAttribute(ADMIN_ID,auth_user);



二、FORM验证
1.准备login.jsp页面<FORM name="logonForm"  method="post" action="j_security_check">
   <input name="j_username" type="text" />
   <input name="j_password" type="password" />
   <input  type="submit" value="LOGIN"/>
</FORM>
*     帐号  j_username
*     密码  j_password
*     action  j_security_check
“*”内容为固定写法，不能改变
2.配置web.xml  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>  <security-role>
    <role-name>admin</role-name>
  </security-role>