Tomcat Realm的使用
Realm 是什么、干什么用的,我这里就不说了。
讲讲怎样配置Realm
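<!--
  JDBCRealm: Tomcat authenticates users and looks up their roles by querying
  the tables named below over a JDBC connection.

  Review notes:
  - Attributes must be separated by whitespace; without it the element is not
    well-formed XML and server.xml will not parse.
  - connectionName / connectionPassword are stored in cleartext in this file.
    Restrict read access to it and give this database account read-only access
    to the two realm tables and nothing else.
  - No digest attribute or nested CredentialHandler is configured, so the value
    in users.passwd is compared as stored, i.e. the table holds cleartext
    passwords. Store salted hashes instead; existing rows must be re-hashed
    when that is switched on.
  - debug="99" requests verbose realm logging on the Tomcat versions that
    honour the attribute. Check what ends up in the logs and lower it outside
    troubleshooting.
  - Newer Tomcat releases recommend DataSourceRealm (a pooled JNDI DataSource)
    in place of JDBCRealm.
-->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       debug="99"
       driverName="oracle.jdbc.driver.OracleDriver"
       connectionURL="jdbc:oracle:thin:@192.168.9.172:1521:yfzx"
       connectionName="bi"
       connectionPassword="bi"
       userTable="users"
       userNameCol="user_name"
       userCredCol="passwd"
       userRoleTable="user_roles"
       roleNameCol="role_name"/>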
??
?
className 处理认证的 Realm 实现类(认证请求会提交到这个 class)
driverName 驱动名
connectionURL 数据库URL
connectionName 账户
connectionPassword 数据库密码
userTable 用户表名
userNameCol 用户表中存放用户名的列
userCredCol 用户表中存放用户密码的列
userRoleTable 角色表,这个一般和用户表相关联
roleNameCol 这个就是角色名
?
?
?
Tomcat 最终根据查询出的 role_name 来决定你的访问权限。
在/WEB-INF/web.xml里面配置
<!--
  Declarative access control: only authenticated users holding the "openi"
  role may request the URL patterns listed below. No http-method element is
  given, so the constraint applies to every HTTP method.

  Review notes:
  - The patterns are mostly extension-based. Any resource whose path matches
    none of them (other extensions, other servlet paths) is not covered by
    this constraint.
  - No user-data-constraint is declared in this excerpt, so the container does
    not require HTTPS for these URLs. Unless TLS is enforced elsewhere, the
    FORM login credentials and the session cookie travel in cleartext.
-->
<security-constraint>
  <display-name>OpenI Security Constraint</display-name>

  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.html</url-pattern>
    <url-pattern>*.htm</url-pattern>
    <url-pattern>*.iface</url-pattern>
    <url-pattern>*.faces</url-pattern>
    <url-pattern>*.jspx</url-pattern>
    <url-pattern>*.xml</url-pattern>
    <url-pattern>/rss</url-pattern>
    <url-pattern>/StreamChart</url-pattern>
  </web-resource-collection>

  <!-- The role name must match a role_name value returned by the Realm. -->
  <auth-constraint>
    <role-name>openi</role-name>
  </auth-constraint>
</security-constraint>
?
以上配置指定:只有 role_name 为 openi 的用户才可以访问 web-resource-collection 标签里面列出的所有 url-pattern。
?
然后配置登录页面和登录失败时显示的页面:
<!--
  Form-based login: an unauthenticated request for a protected URL is sent to
  /login.jsp; a failed login returns to the same page with the login_failed
  query string so the page can show an error.

  Review note: FORM login posts the password in the request body. It is
  protected in transit only when the login page and its POST are served over
  HTTPS.
-->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>OpenI 2.0</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp?login_failed</form-error-page>
  </form-login-config>
</login-config>
?
差不多就这样,但是实际中远远不止这么些
?
如:我们一般再增加一个自己的Filter来获得认证后的用户具体信息
?
?
<!--
  Declares the application's own filter, which runs after container
  authentication and loads the details of the logged-in user.

  NOTE(review): the AuthorizationFilter listing on this page never reads the
  project_list_page init-param; it redirects to a hard-coded
  "project_list.iface". Confirm which of the two values is intended.
-->
<filter>
  <filter-name>AuthorizationFilter</filter-name>
  <filter-class>org.openi.security.AuthorizationFilter</filter-class>
  <init-param>
    <param-name>project_list_page</param-name>
    <param-value>projectlist.htm</param-value>
  </init-param>
</filter>
?
上面是自定义的Filter
<!-- Second filter declaration; its mapping is at the end of this excerpt. -->
<filter>
  <filter-name>WcfJspFilter</filter-name>
  <filter-class>org.openi.web.RequestFilter</filter-class>
</filter>

<!--
  AuthorizationFilter is applied to the page-like extensions below. Filters
  that match the same request run in the order of their filter-mapping
  elements, so for *.jsp AuthorizationFilter runs before WcfJspFilter.
-->
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.iface</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>AuthorizationFilter</filter-name>
  <url-pattern>*.htm</url-pattern>
</filter-mapping>

<!--
  NOTE(review): LogoutFilter is mapped here but its filter declaration is not
  part of this excerpt; a mapping that names an undeclared filter makes the
  deployment descriptor invalid, so it must be declared elsewhere in web.xml.
-->
<filter-mapping>
  <filter-name>LogoutFilter</filter-name>
  <url-pattern>/killsession</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>WcfJspFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
</filter-mapping>
对相关的 url 访问进行过滤;在登录成功之后转向主页面的时候,请求会通过这个 Filter。
?
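package org.openi.security;

import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.openi.application.Application;
import org.openi.project.ProjectContext;
import org.openi.users.User;
import org.openi.users.UserService;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/**
 * Servlet filter that runs after container (Realm) authentication and copies
 * the authenticated principal into the application's {@code ProjectContext}.
 *
 * <p>For each request it:
 * <ol>
 *   <li>looks up the {@code projectContext} bean in the Spring web application context;</li>
 *   <li>if that context has no user yet and the container reports a principal, loads the
 *       matching {@code User} through the {@code userService} bean (falling back to a blank
 *       {@code User}), sets its language and name, and stores it on the context;</li>
 *   <li>if no project is selected for an authenticated request, forwards to the
 *       project-creation page or redirects to the project list;</li>
 *   <li>otherwise passes the request down the chain.</li>
 * </ol>
 *
 * <p>NOTE(review): the user is cached on the {@code projectContext} bean. That is only safe
 * if the bean is session-scoped; with a singleton bean the first authenticated user would be
 * shared by every session. Confirm the scope in the Spring configuration.
 */
public class AuthorizationFilter implements Filter {

    private static final Logger logger = Logger.getLogger(AuthorizationFilter.class);

    /** Container role that grants access to the application at all. */
    public static final String OPENI_ROLE_NAME = "openi";

    /** Container role that additionally grants application-administrator rights. */
    public static final String APP_ADMIN_ROLE_NAME = "app_admin";

    private FilterConfig filterConfig;

    /**
     * Keeps the filter configuration so the servlet context can be reached per request.
     *
     * @param filterConfig configuration supplied by the container
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    /**
     * Populates the project context for authenticated requests and routes requests that have
     * no project selected.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response; cast to {@code HttpServletResponse} when redirecting
     * @param chain    remaining filters and the target resource
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException if the Spring context is unavailable, if forwarding or
     *                          redirecting fails, or propagated from the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        ApplicationContext appContext =
                WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
        if (appContext == null) {
            // getWebApplicationContext() returns null when no root context is registered;
            // fail with a clear message instead of a NullPointerException on the next line.
            throw new ServletException("Spring WebApplicationContext is not available");
        }
        ProjectContext projectContext = (ProjectContext) appContext.getBean("projectContext");
        HttpServletRequest servletRequest = (HttpServletRequest) request;

        // Glassfish invokes request filters before login, so check the principal for null.
        if (projectContext.getUser() == null && servletRequest.getUserPrincipal() != null) {
            String userName = servletRequest.getUserPrincipal().getName();
            User user = loadUser(appContext, userName);
            if (user == null) {
                user = new User();
            }
            if (user.getLanguage() == null || "".equals(user.getLanguage())) {
                user.setLanguage(servletRequest.getLocale().getLanguage());
            }
            user.setName(userName);
            projectContext.setUser(user);

            // Only the application-administrator case configures roles here.
            // NOTE(review): for an "openi" user without "app_admin", configureRoles() is
            // never called; confirm ProjectContext's default roles are least-privilege.
            if (servletRequest.isUserInRole(OPENI_ROLE_NAME)
                    && servletRequest.isUserInRole(APP_ADMIN_ROLE_NAME)) {
                projectContext.configureRoles(true, false, false);
            }
        }

        if (projectContext.getProject() == null && servletRequest.getUserPrincipal() != null) {
            try {
                if (!Application.isLoaded()) {
                    servletRequest.getRequestDispatcher("/WEB-INF/pages/create_project.iface")
                            .forward(request, response);
                    return;
                }
                logger.warn("project content directory is missing");
                // NOTE(review): getRequestURI() can carry a ";jsessionid=..." path parameter,
                // in which case endsWith() does not match; confirm URL rewriting is disabled.
                String uri = servletRequest.getRequestURI();
                if (!uri.endsWith("project_list.iface") && !uri.endsWith("blank.iface")) {
                    ((HttpServletResponse) response).sendRedirect("project_list.iface");
                    return;
                }
            } catch (Exception e) {
                throw new ServletException("could not forward request", e);
            }
        }

        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Best-effort lookup of the stored profile for an authenticated user name. Returns
     * {@code null} when the service is unavailable or the lookup fails.
     */
    private User loadUser(ApplicationContext appContext, String userName) {
        try {
            UserService userService = (UserService) appContext.getBean("userService");
            if (userService != null) {
                return userService.getUserById(userName);
            }
        } catch (Throwable t) {
            // Deliberately broad: a failed profile lookup must not block an already
            // authenticated request. The failure is logged so it is not invisible.
            logger.warn("could not load user profile for '" + userName
                    + "'; continuing with a blank User", t);
        }
        return null;
    }
}

通过上面这个类就可以获得用户的具体信息,从而得到细粒度的控制。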
?
?
完毕。高手不吝赐教!