主页 / 问题 / 648114
Accepted
Nick
Asked:2020-04-04 15:02:12 +0000 UTC2020-04-04 15:02:12 +0000 UTC

限制对 servlet 应用程序中页面的访问

  • 772

大家好。伙计们可以举例说明在 servlet 应用程序中限制对页面的访问。因此,当我以用户身份登录时,我无法使用 /admin url 转到管理页面。

这是登录 servlet 代码:

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;


public class LoginServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {

        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        PrintWriter pw = response.getWriter();
        response.setContentType("text/html");

        String user = request.getParameter("userName");
        String pass = request.getParameter("userPassword");

        if (user.equals("admin") && pass.equals("admin")) {
            response.sendRedirect("/admin");
        }
        if (user.equals("user") && pass.equals("user")) {
            response.sendRedirect("/user");
        }
        if (user.equals("page3") && pass.equals("page3")) {
            response.sendRedirect("page3.jsp");
        }
        else
            pw.println("Login Failed...!");
        pw.close();

    }


}
servlet

1 个回答

  1. Best Answer

    找到您的 tomcat-users.xml 文件并向其添加管理员

    <?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <!-- какие-то строки -->
  <role rolename="admin"/>
  <user username="admin" password="password" roles="admin"/>
  <!-- какие-то строки -->
</tomcat-users>

    之后在您的应用程序的web.xml中添加

    <?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!-- какие-то строки -->

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin's panel</web-resource-name>
            <url-pattern>/admin</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- это ТОЛЬКО для тестов -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/no_access.html</form-error-page>
        </form-login-config>
    </login-config>

    <!-- какие-то строки -->

</web-app>

    登录.html

    <!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
</head>
<body>
<form method="POST" action="j_security_check">
    <p>Login to Admin's panel:</p>
    <p>Name:</p>
    <input type="text" name="j_username" />
    <p>Password:</p>
    <input type="password" name="j_password" />
    <input type="submit" value="Login" />
</form>
</body>
</html>

    no_access.html

    <!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>NOOOOOOOO</title>
</head>
<body>
<h1>login failed!</h1>
</body>
</html>

    之后,系统将提示您输入密码以访问指定的URL

    • 0

相关问题