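In Tomcat, the container-managed authentication method controls how a user's identity is verified when the user accesses a protected web application.
You can use Basic Authentication to control access to a protected web application. To set it up, add the following elements to the web application's web.xml file: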
<security-constraint>
<login-config>
Then, in conf/tomcat-users.xml, add the appropriate <role> and <user> entries, and finally restart Tomcat.
Example:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTMLManager and Manager command</web-resource-name>
    <url-pattern>/jmxproxy/*</url-pattern>
    <url-pattern>/html/*</url-pattern>
    <url-pattern>/list</url-pattern>
    <url-pattern>/expire</url-pattern>
    <url-pattern>/sessions</url-pattern>
    <url-pattern>/start</url-pattern>
    <url-pattern>/stop</url-pattern>
    <url-pattern>/install</url-pattern>
    <url-pattern>/remove</url-pattern>
    <url-pattern>/deploy</url-pattern>
    <url-pattern>/undeploy</url-pattern>
    <url-pattern>/reload</url-pattern>
    <url-pattern>/save</url-pattern>
    <url-pattern>/serverinfo</url-pattern>
    <url-pattern>/status/*</url-pattern>
    <url-pattern>/roles</url-pattern>
    <url-pattern>/resources</url-pattern>
    <url-pattern>/findleaks</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- NOTE: This role is not present in the default users file -->
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Manager Application</realm-name>
</login-config>
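
The following check is an added example, not part of the original page or of Tomcat itself. It cross-checks a web.xml against a tomcat-users.xml: it reports roles required by an auth-constraint that no user holds (the situation the NOTE comment above warns about) and protected resources served with BASIC but without a CONFIDENTIAL transport-guarantee, since Basic Authentication only Base64-encodes the credentials. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, shortened from the manager example above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManager and Manager command</web-resource-name>
      <url-pattern>/html/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
# Assumption: a users file in which nobody has been given the "manager" role.
USERS_XML = """<tomcat-users>
  <role rolename="tomcat"/>
  <user username="example-user" password="REPLACE_ME" roles="tomcat"/>
</tomcat-users>"""

def find_all(root, name):
    """Match on the local tag name so namespaced web.xml files work too."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml, users_xml):
    """Return a list of findings for a web.xml / tomcat-users.xml pair."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    granted = set()  # roles held by at least one user (comma-separated attribute)
    for user in find_all(users, "user"):
        granted.update(r.strip() for r in user.get("roles", "").split(",") if r.strip())
    basic = any(m.text.strip().upper() == "BASIC" for m in find_all(web, "auth-method"))
    findings = []
    for sc in find_all(web, "security-constraint"):
        for role in find_all(sc, "role-name"):
            name = role.text.strip()
            if name not in ("*", "**") and name not in granted:
                findings.append(f"role '{name}' is required but no user holds it")
        guarantees = [g.text.strip().upper() for g in find_all(sc, "transport-guarantee")]
        if basic and find_all(sc, "auth-constraint") and "CONFIDENTIAL" not in guarantees:
            findings.append("BASIC login without transport-guarantee CONFIDENTIAL")
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML, USERS_XML):
        print(finding)
```

A clean result requires both a user with the manager role in conf/tomcat-users.xml and a user-data-constraint with transport-guarantee CONFIDENTIAL inside the security-constraint.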