如何在Jboss7.1中配置简单身份validation
我正在研究纯jsps(scriptlets)编写的项目,而不使用任何框架。
jboss版本:jboss-as-7.1.0.Final
我现在正在尝试添加简单的身份validation。 因此,当用户尝试浏览jsps时,比如http://localhost/myContextPath/hello.jsp ,它需要先登录。
web.xml中
All Access /* DELETE PUT HEAD OPTIONS TRACE GET POST CONFIDENTIAL BASIC
的jboss-web.xml中
other
standalone.xml([jboss_home] \ standalone \ configuration文件夹)
users.properties(放在webapp classes文件夹下)
user1=jboss7
roles.properties(放在webapp classes文件夹下)
user1=Admin
经过所有这些修改后,我尝试浏览我的hello jsp。 我像往常一样工作。 没有身份validation,也没有例外。
我不确定我是否朝着正确的方向前进,或者安全约束是完全不同的事情。 请帮忙,谢谢!
只需按照本文中的步骤设置7.1的BASIC身份validation。
尝试这个。
组态
在web.xml
All Access /* DELETE PUT HEAD OPTIONS TRACE GET POST CONFIDENTIAL BASIC ApplicationRealm user
的jboss-web.xml中
java:/jaas/other
standalone.xml
如果您使用的是ApplicationRealm,则无需执行任何操作。
添加用户
您可以使用jboss提供的工具将用户添加到ApplicationRealm 。
从%JBOSS_HOME%/ bin开始 。 使用add-user.bat(或)add-user.sh工具。
C:\dev\jboss-eap-6.2\bin>add-user What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): b Enter the details of the new user to add. Using realm 'ApplicationRealm' as discovered from the existing property files. Username : johngalt Password : Re-enter Password : What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: user About to add user 'johngalt' for realm 'ApplicationRealm' Is this correct yes/no? yes Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-users.properties' Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-users.properties' Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-roles.properties' Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-roles.properties' Is this new user going to be used for one AS process to connect to another AS process? eg for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. yes/no? no Press any key to continue . . . C:\dev\jboss-eap-6.2\bin>
这对我有用
这对我有用。 将其添加到web.xml
HtmlAuth application security constraints /* DELETE PUT HEAD OPTIONS TRACE GET POST user BASIC ApplicationRealm user
然后添加或创建一个jboss-web.xml:
java:/jaas/other
将用户名添加到jboss:C:\ jboss \ jboss-eap-6.2 \ bin> add-user.bat
What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): b Enter the details of the new user to add. Using realm 'ApplicationRealm' as discovered from the existing property files. Username : testid User 'testid' already exits, would you like to update the existing user password and roles Is this correct yes/no? yes Password : Re-enter Password : What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[user]: user,Manager Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\standalone\configuration\a pplication-users.properties' Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\domain\configuration\appli cation-users.properties' Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\s tandalone\configuration\application-roles.properties' Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\d omain\configuration\application-roles.properties' Is this new user going to be used for one AS process to connect to another AS pr ocess? eg for a slave host controller connecting to the master or for a Remoting conn ection for server to server EJB calls. yes/no? yes To represent the user add the following to the server-identities definition
我没有看到更改JBoss配置的要求,就好像您想稍后更改服务器容器一样,还需要更改配置。 而不是这样,使用会话对象来检查会话是否已存在。 如果它没有将页面重定向到登录页面。 这将返回当前会话。
request.getSession();
在登录页面中,将当前会话设置为属性
session.setAttribute('sess',request.getSession());
使用此比较,用户将无法直接访问任何其他页面。