一尘不染

如何配置tomcat-users.xml来保护tomcat中的页面?

tomcat

我正在尝试使用和保护Tomcat中的管理页面web.xmltomcat-users.xml但无法正常工作。出现登录表单,但无法连接

这是web.xml我的web / WEB_INF文件夹中的:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Admin</realm-name>
</login-config>

tomcat-users.xml在server / tomcat / conf /文件夹中:

<tomcat-users>
   <role rolename="manager"/>
   <role rolename="tomcat"/>
   <role rolename="admin"/>
   <role rolename="role1"/>
   <user username="manager" password="manager" roles="manager"/>
   <user username="both" password="tomcat" roles="tomcat,role1"/>
   <user username="tomcat" password="tomcat" roles="tomcat"/>
   <user username="role1" password="tomcat" roles="role1"/>
   <user username="admin" password="admin" roles="admin"/>
</tomcat-users>

任何的想法 ?


阅读 207

收藏
2020-06-16

共1个答案

一尘不染

可能回答晚了,但是无论如何您都在web.xml中缺少角色,也不必提及领域,因此您的web.xml应该如下所示

<security-constraint>
   <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
 </security-constraint>
 <login-config>
       <auth-method>BASIC</auth-method>
      <!-- Please note following line .. its commented -->
      <!-- <realm-name>Admin</realm-name> -->
 </login-config>
 <!-- Following section was missing -->
 <security-role>
     <role-name>admin</role-name>
</security-role>
2020-06-16