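I have a NetBeans web project on Tomcat 8.0.15, MySql (with Jconnector), Servlet/JSP. I need a secure login!!!
There is a login page. After a successful login, if it is admin, the servlet redirects to the admin page; if the username is standardUser, the servlet redirects to the home page.
At the moment nothing works. The page is not redirected by the servlet; when I press the submit button, error.html appears and shows that response.getStatus() is 0! I tested (without login) the servlet's username/password check against the database, and it works.
So here are my code files: login.jsp: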
```html
<form id="loginForm" method="POST" action="j_security_check">
    <input name="j_username" id="j_username" type="email" value="test.admin@test.com"></input>
    <input name="j_password" id="j_password" type="password" value="test"></input>
    <input id="loginSubmit" type="submit" value="Login"></input>
</form>
```
web.xml:
```xml
<servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>ProjectP.Auth</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/j_servlet_check</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
<welcome-file-list>
    <welcome-file>Login.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>MyDatabase</realm-name>
    <form-login-config>
        <form-login-page>/Login.jsp</form-login-page>
        <form-error-page>/Error.html</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>Web Site Administrator</description>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <description>Stansard user</description>
    <role-name>user</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ProjectP</web-resource-name>
        <url-pattern>/adminpages/*</url-pattern>
        <url-pattern>/userpages/*</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ProjectP</web-resource-name>
        <url-pattern>/userpages/*</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<resource-ref>
    <description>DB Connection</description>
    <res-ref-name>MyDatabase</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>
</web-app>
```
Context.xml:
```xml
<Context antiJARLocking="true" path="/ProjectP" allowCasualMultipartParsing="true" >
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="com.mysql.jdbc.Driver"
           name="MyDatabase"
           type="javax.sql.DataSource"
           connectionURL="jdbc:mysql://localhost:3306/mydatabase"
           connectionName="root"
           connectionPassword="sa"
           userTable="administrators"
           userNameCol="username"
           userCredCol="password"
           userRoleTable="userroles"
           roleNameCol="role"
           auth="Container"
           maxTotal="100"
           maxIdle="30"
           maxWaitMillis="10000"/>
</Context>
```
LoginServlet.java:
```java
@WebServlet("/j_servlet_check/*")
@MultipartConfig
public class LoginServlet extends HttpServlet {
    protected void doPost(HttpS .......
        response.setContentType("text/html;charset=UTF-8"); //text/plain
        if (checkLoginUser(request.getParameter("j_username"), password)) { //it works for sure, tested...
            request.getSession().setAttribute( "username", username );
            request.getRequestDispatcher("../admin/Administration.jsp").forward(request, response);
```
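Is the Realm in context.xml necessary?
So, how do I create a secure login?
How does j_security_check connect to my MySql database! Could that be the reason the error page is shown after login…?
In context.xml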
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/myDBname" allowCasualMultipartParsing="true" >
    <Realm className="org.apache.catalina.realm.CombinedRealm" >
        <Realm className="org.apache.catalina.realm.JDBCRealm"
               driverName="com.mysql.jdbc.Driver"
               name="myDBname"
               type="javax.sql.DataSource"
               connectionURL="jdbc:mysql://localhost:3306/mydbname"
               connectionName="root"
               connectionPassword="sasa"
               userTable="administrators"
               userNameCol="Email"
               userCredCol="Password"
               userRoleTable="administrators"
               roleNameCol="LoginRole"
               auth="Container"
               maxTotal="100"
               maxIdle="30"
               maxWaitMillis="10000"
               digest="MD5"/>
        <Realm className="org.apache.catalina.realm.JDBCRealm"
               driverName="com.mysql.jdbc.Driver"
               name="myDBname"
               type="javax.sql.DataSource"
               connectionURL="jdbc:mysql://localhost:3306/mydbname"
               connectionName="root"
               connectionPassword="sasa"
               userTable="users"
               userNameCol="Email"
               userCredCol="Password"
               userRoleTable="users"
               roleNameCol="LoginRole"
               auth="Container"
               maxTotal="100"
               maxIdle="30"
               maxWaitMillis="10000"
               digest="MD5"/>
    </Realm>
</Context>
```
web.xml
```xml
<resource-ref>
    <description>DB Connection</description>
    <res-ref-name>myDBname</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>myDBname</realm-name>
    <form-login-config>
        <form-login-page>/pages/Login.jsp</form-login-page>
        <form-error-page>/pages/Error.jsp</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>Administrator</description>
    <role-name>admin</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>myDBname</web-resource-name>
        <url-pattern>/pages/admin/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<welcome-file-list>
    <welcome-file>pages/home.jsp</welcome-file>
</welcome-file-list>
```
Copy mysql-connector-java-5.1.23-bin.jar to C:\Program Files\Apache Software Foundation\Apache Tomcat 8.0.15\lib
I also use <%= request.getContextPath() %> to link resources to the pages:
```html
<link href="<%= request.getContextPath() %>/resources/styles/main.css" rel="stylesheet" type="text/css"/>
```
Java code: to store passwords as an MD5 hash, do the following:
```java
String passwordHash = org.apache.catalina.realm.RealmBase.Digest(password, "md5", "utf-8");
```
and write passwordHash to the database…