Topic: 如何实现自己的安全认证使之使用中的web.xml配置?

  Print this page

1.如何实现自己的安全认证使之使用中的web.xml配置? Copy to clipboard
Posted by: cloudeye
Posted on: 2003-03-11 09:29

一个应用,希望通过部署描述文件web.xml来配置资源授权。
比如:
Web.xml
-------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Edit Profile</web-resource-name>
<url-pattern>/editProf.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
如果我自己来实现用户认证,也就是自己写登录代码(我用struts):
<form action="logon.do">
<html:text property="user"/>...
<html:password property="password"/>
<html:submit/>
</form>
然后实现logon.do映射到的logonAction类。请问,我要如何写logonAction才能让
容器知道用户已经成功登录?

也就是说,在客户请求editProf.do时候,容器会进行安全检查,那么它会检查一些
什么来确定用户是否登录,对应的,我在logonAction中要写什么呢?

呵呵,还是觉得没有描述清楚,容我再罗嗦一句:
如果我不使用容器内建的登录检查类(比如Tomcat有JDBC Realm类),我自己如何实现
登录类才能用上web.xml中的资源授权配制?

2.Re:如何实现自己的安全认证使之使用中的web.xml配置? [Re: cloudeye] Copy to clipboard
Posted by: ftang
Posted on: 2003-03-11 12:26

You can use "form login" config. The url of your HTML form is define as "j_security_check", and username field should be "j_username", password should be "j_password". These are defined in Servlet specification. You do NOT have to write your own login action.

If you really want your own logic program, you can do it in a Servlet Filter. But this is not defined in Servlet specification, so it is not relevant to web.xml.


   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923