Summary && open questions:
Configuring digest authentication in Tomcat is fairly simple, but a few points need attention:
1. When using a JDBC Realm, the column holding the user name must have exactly the same name in the users table and in the roles table.
2. When using digest authentication, judging from the Tomcat documentation, it seems the database can only hold cleartext passwords (not tested).
(Note that HTTP digest authentication is different from the storage of password digests in the repository for user information as discussed above.)
3. It seems impossible to configure different authentication methods for different paths.
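To make concrete what the Tomcat note in point 2 refers to, here is the RFC 2617 Digest computation on both sides, written as an added example (not Tomcat's code and not part of the original post). The verifier only ever needs HA1 = MD5(username:realm:password), so that is what a server-side store holds in place of the cleartext; the realm string "Digest Authentication", the users and the URL are taken from this page's web.xml and auth.sql, while the nonces and the credential dictionary are constructed here.

```python
import hashlib
import secrets

# Realm string from the page's web.xml <realm-name>; users/password from auth.sql.
REALM = "Digest Authentication"

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password), RFC 2617 section 3.2.2.2.
    This value, not the cleartext, is all a verifier needs; it is also the form a
    stored password digest must take when combined with DIGEST auth. Because the
    realm is mixed in, changing <realm-name> invalidates every stored HA1."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str, qop: str = "auth") -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = MD5(method:uri)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def client_authorize(username: str, password: str, method: str, uri: str,
                     nonce: str, cnonce: str, nc: str = "00000001") -> str:
    """Browser side: derives HA1 from the typed password; the password never goes on the wire."""
    return digest_response(ha1(username, REALM, password), method, uri, nonce, nc, cnonce)

def server_verify(store: dict, username: str, method: str, uri: str,
                  nonce: str, nc: str, cnonce: str, response: str) -> bool:
    """Server side: recompute from the stored HA1 only and compare in constant time.
    A stored HA1 is still a password-equivalent for this realm, so the table needs
    the same protection as cleartext would."""
    stored = store.get(username)
    if stored is None:
        return False
    expected = digest_response(stored, method, uri, nonce, nc, cnonce)
    return secrets.compare_digest(expected, response)

# Constructed credential store: the three auth.sql users, kept as HA1 instead of '123456'.
USERS_HA1 = {u: ha1(u, REALM, "123456") for u in ("zhang3", "li4", "wang5")}

def demo(username: str = "zhang3", password: str = "123456") -> bool:
    """One full exchange for GET /test/auth/ with fresh server and client nonces (constructed)."""
    nonce, cnonce = secrets.token_hex(16), secrets.token_hex(8)
    resp = client_authorize(username, password, "GET", "/test/auth/", nonce, cnonce)
    return server_verify(USERS_HA1, username, "GET", "/test/auth/", nonce, "00000001", cnonce, resp)
```

Replaying a captured response against a different server nonce, or against a different method or URI, fails verification, which is the property that distinguishes Digest from Basic on the wire.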
Sample project code:
[Tomcat Basic / Digest authentication]
An HTTP FORM authentication example ships with the Tomcat distribution; see:
apache-tomcat-6.0.29.zip/apache-tomcat-6.0.29/webapps/examples/jsp/security/protected/login.jsp
Test environment:
apache-tomcat-6.0.29
mysql-essential-5.1.50-win32.msi
eclipse 3.5
Sample project layout:
/test/src/auth.sql -- creates the schema, tables and data in MySQL
/test/WebContent/auth/index.html -- the protected test page
/test/WebContent/META-INF/context.xml -- the Realm configured in Tomcat
/test/WebContent/WEB-INF/lib/mysql-connector-java-5.1.5-bin.jar -- JDBC driver jar the Realm uses to connect to the database
/test/WebContent/WEB-INF/web.xml -- web.xml
Steps:
1. Create the required tables and data:
auth.sql
/* mysql tested. */
create schema auth;
/* switch to the new schema so the tables land where connectionURL (.../auth) expects them */
use auth;
create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
);
create table user_roles (
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key (user_name, role_name)
);
insert into users (user_name, user_pass) values ('zhang3', '123456');
insert into users (user_name, user_pass) values ('li4', '123456');
insert into users (user_name, user_pass) values ('wang5', '123456');
insert into user_roles (user_name, role_name) values ('zhang3', 'ADMIN');
insert into user_roles (user_name, role_name) values ('zhang3', 'USER');
insert into user_roles (user_name, role_name) values ('li4', 'USER');
insert into user_roles (user_name, role_name) values ('wang5', 'GUEST');
2. Create the JDBC Realm
context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <!-- digest="MD5" -->
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/auth"
         connectionName="root"
         connectionPassword="123456"
         userTable="users"
         userNameCol="user_name"
         userCredCol="user_pass"
         userRoleTable="user_roles"
         roleNameCol="role_name" />
</Context>
3. Adjust web.xml as needed
web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
  <!-- The area that requires authentication -->
  <security-constraint>
    <display-name>Test Auth</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/auth/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMIN</role-name>
      <role-name>USER</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- The roles used by this web application -->
  <security-role>
    <role-name>ADMIN</role-name>
  </security-role>
  <security-role>
    <role-name>USER</role-name>
  </security-role>
  <security-role>
    <role-name>GUEST</role-name>
  </security-role>
  <!-- The authentication method -->
  <!--
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Basic Authentication</realm-name>
  </login-config>
  -->
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>Digest Authentication</realm-name>
  </login-config>
</web-app>
(Enable one login-config or the other to test Basic or Digest authentication.)
4. Run the application in Tomcat and open the following URL in a browser to test:
http://localhost:8080/test/auth/
Users "zhang3" and "li4" can log in; "wang5" cannot. (The password for all three is "123456".)