JSP-身份验证
我有一个简单的login.jsp文件:JSP-身份验证,jsp,web.xml,Jsp,Web.xml,我有一个简单的login.jsp文件: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>L
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body bgcolor="#ffffff">
<form method="POST" action="j_security_check">
<table border="0">
<tr>
<td>Username</td>
<td><input type="text" name="j_username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="j_password"></td>
</tr>
</table>
<center>
<input type="submit" value="Login!">
</center>
</form>
</body>
</html>
AFAIR,您不能直接链接到login.jsp页面。相反,您必须链接到受保护的页面。如果用户尚未登录,这将使服务器显示登录页面,成功登录后,用户将被重定向到请求的受保护页面。我不理解。要运行代码,我必须更改什么?在标记中,如果用户尚未登录,我将调用登录页面。您可能有一个指向登录页面的链接。你不能那样做。你应该只链接到应用程序的实际页面。如果实际页面受到保护,容器将显示登录页面。我无法准确地告诉您要更改什么,因为您没有显示导致此错误发生的页面,也没有描述您是如何导致此错误的。好的,我已经编辑了我的共享。现在您可以看到我的servlet,如果用户成功登录,应该调用它。错误页面显示正确是因为用户密码错误,您是如何进入第一页的登录页面的?
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>Security</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>
SecuredBookSite
</web-resource-name>
<url-pattern>/Success</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="admin"/>
<user username="administrator" password="password" roles="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
package security;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/Success")
public class Success extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if(request.isUserInRole("admin"))
{
System.out.println("approved!");
}
else
{
System.out.println("NOT approved");
}
}
}