Topic: 如何实现自己的安全认证使之使用中的web.xml配置? |
Print this page |
1.如何实现自己的安全认证使之使用中的web.xml配置? | Copy to clipboard |
Posted by: cloudeye Posted on: 2003-03-11 09:29 一个应用,希望通过部署描述文件web.xml来配置资源授权。 比如: Web.xml ------------- <security-constraint> <web-resource-collection> <web-resource-name>Edit Profile</web-resource-name> <url-pattern>/editProf.do</url-pattern> </web-resource-collection> <auth-constraint> <role-name>manager</role-name> </auth-constraint> </security-constraint> 如果我自己来实现用户认证,也就是自己写登录代码(我用struts): <form action="logon.do"> <html:text property="user"/>... <html:password property="password"/> <html:submit/> </form> 然后实现logon.do映射到的logonAction类。请问,我要如何写logonAction才能让 容器知道用户已经成功登录? 也就是说,在客户请求editProf.do时候,容器会进行安全检查,那么它会检查一些 什么来确定用户是否登录,对应的,我在logonAction中要写什么呢? 呵呵,还是觉得没有描述清楚,容我再罗嗦一句: 如果我不使用容器内建的登录检查类(比如Tomcat有JDBC Realm类),我自己如何实现 登录类才能用上web.xml中的资源授权配制? |
2.Re:如何实现自己的安全认证使之使用中的web.xml配置? [Re: cloudeye] | Copy to clipboard |
Posted by: ftang Posted on: 2003-03-11 12:26 You can use "form login" config. The url of your HTML form is define as "j_security_check", and username field should be "j_username", password should be "j_password". These are defined in Servlet specification. You do NOT have to write your own login action. If you really want your own logic program, you can do it in a Servlet Filter. But this is not defined in Servlet specification, so it is not relevant to web.xml. |
Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1 客服电话 18559299278 客服信箱 714923@qq.com 客服QQ 714923 |