Java 如何对Apache Tomcat服务器上的HTTP Get请求进行密码保护?
我只想向用户发送一些数据,前提是他们在HTTP请求的头中正确提供了用户名和密码 我尝试通过HttpServletReqest login()方法实现这一点,但没有成功 这是我的服务器的doGet方法:Java 如何对Apache Tomcat服务器上的HTTP Get请求进行密码保护?,java,apache,http,tomcat,servlets,Java,Apache,Http,Tomcat,Servlets,我只想向用户发送一些数据,前提是他们在HTTP请求的头中正确提供了用户名和密码 我尝试通过HttpServletReqest login()方法实现这一点,但没有成功 这是我的服务器的doGet方法: protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.setContentType("application/json");
PrintWriter out = response.getWriter();
String token = "abcdef";
request.login("User", "Pass");
out.print("{\n\"Authentication Token\" : \"" + token + "\"\n}");
out.flush();
}
但它一直抛出“登录失败”Servlet异常。您需要在tomcat的tomcat-users.xml文件中配置用户和角色。。 并在web.xml文件中配置URL以使用此身份验证。。 给你下面的示例代码
tomcat-users.xml file:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="myname" password="mypassword" roles="tomcat"/>
<user username="test" password="test"/>
</tomcat-users>
web.xml file :
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
<url-pattern>/test</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
tomcat-users.xml文件:
web.xml文件:
TestServlet
test.TestServlet
TestServlet
/试验
通配符意味着整个应用程序需要身份验证
/试验
得到
雄猫
没有一个
基本的
tomcat-users.xml file:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="myname" password="mypassword" roles="tomcat"/>
<user username="test" password="test"/>
</tomcat-users>
web.xml file :
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
<url-pattern>/test</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>