Servlets 如何修复Tomcat对已被拒绝的请求资源的访问?
更新:完全删除Servlets 如何修复Tomcat对已被拒绝的请求资源的访问?,servlets,tomcat7,http-status-code-403,security-constraint,Servlets,Tomcat7,Http Status Code 403,Security Constraint,更新:完全删除元素后,代码正常工作。有人能解释为什么它在出现时不起作用吗? 我正在编写一些代码来练习在部署描述符中保护servlet,并在浏览器中获得以下内容: HTTP Status 403 - Access to the requested resource has been denied type Status report message Access to the requested resource has been denied description Access to the
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource has been forbidden.
Apache Tomcat/7.0.42
<?xml version="1.0" ?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<servlet-name>CheckedServlet</servlet-name>
<servlet-class>webcert.ch05.ex0502J.CheckedServlet</servlet-class>
<security-role-ref>
<role-name>MGR</role-name>
<role-link>manager</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>CheckedServlet</servlet-name>
<url-pattern>/CheckedServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>CheckedServletConstraint</web-resource-name>
<url-pattern>/CheckedServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>manager</role-name>
</security-role>
CheckedServlet
webert.ch05.ex0502J.CheckedServlet
经理
经理
CheckedServlet
/CheckedServlet
CheckedServletConstraint
/CheckedServlet
*
经理
package webcert.ch05.ex0502J;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.security.*;
public class CheckedServlet extends HttpServlet{
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.write("<html><head><title>CheckedServlet</title></head><body>");
String userMessage;
Principal user = request.getUserPrincipal();
if(user == null)
userMessage = "Access denied.";
else
userMessage = "Access granted.";
out.write("<br>" + userMessage + " Principal name is " + user +
"<br>If authorized, you should see some more text below:");
if(request.isUserInRole("manager"))
out.write("<br>Here's some super secret extra text since your " +
"role is manager.");
out.write("</body></html>");
out.flush();
out.close();
}
}
包webert.ch05.ex0502J;
导入java.io.*;
导入javax.servlet.*;
导入javax.servlet.http.*;
导入java.security.*;
公共类CheckedServlet扩展了HttpServlet{
受保护的void doPost(HttpServletRequest请求、HttpServletResponse响应)
抛出ServletException、IOException{
doGet(请求、响应);
}
受保护的void doGet(HttpServletRequest请求、HttpServletResponse响应)
抛出ServletException、IOException{
response.setContentType(“text/html”);
PrintWriter out=response.getWriter();
out.write(“CheckedServlet”);
字符串用户消息;
主体用户=request.getUserPrincipal();
if(user==null)
userMessage=“访问被拒绝。”;
其他的
userMessage=“已授予访问权限。”;
out.write(“
”+userMessage+”主体名称为“+user+
如果获得授权,您应该在下面看到更多文本:”;
if(request.isUserInRole(“manager”))
out.write(“
这里有一些超级机密的额外文本,因为您的”+
“角色就是经理。”);
请写出(“”);
out.flush();
out.close();
}
}
<role rolename="MGR"/>
<user password="mypassword" roles="MGR" username="user1"/>
<user password="mypassword2" roles="MGR" username="user2"/>
现在,当您访问应用程序时,应用程序将使用HTTP Basic Auth提示您输入用户ID/密码,而不是获取状态403错误消息。如果您使用上述用户标识之一,则应该能够成功登录。您需要在web.xml中添加以下内容:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
基本的
然后还可以编辑您的
tomcat user.xml你好,杰夫,你能找到原因吗?我在我的盒子上也注意到了同样的问题。如果你能在这里分享,我将不胜感激。谢谢。嗨,塔里克-到目前为止还没有运气。我是在为OCWCD考试学习的背景下问这个问题的,所以后来我转到了其他话题。我计划在下一篇文章中重温,如果我找到答案,我一定会发帖的。谢谢杰夫。我很感激:)可能的副本