web.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        id="WebApp_ID" version="2.5">
      <display-name>webAuthentification</display-name>
      <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
      </welcome-file-list>
      <!-- Everything under /views/admin/ requires the admin role -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>admin</web-resource-name>
          <url-pattern>/views/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>
      <!-- Everything under /views/user/ requires the user role -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>user</web-resource-name>
          <url-pattern>/views/user/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>

      <!-- FORM authentication with a custom login page and error page -->
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>TOMCAT FORM认证</realm-name>
        <form-login-config>
          <form-login-page>/views/common/login.jsp</form-login-page>
          <form-error-page>/views/common/error.jsp</form-error-page>
        </form-login-config>
      </login-config>

      <!-- Roles referenced by the constraints above -->
      <security-role>
        <role-name>admin</role-name>
      </security-role>
      <security-role>
        <role-name>user</role-name>
      </security-role>
    </web-app>

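The main difference from BASIC authentication is the <login-config/> block: the method is changed to FORM, and the login page and the page shown after a failed login are specified.
Note that in the login page the username field's name must be j_username, the password field's name must be j_password, and the form's action must be j_security_check.
Example: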

    <?xml version="1.0" encoding="GB18030" ?>
    <%@ page language="java" contentType="text/html; charset=GB18030"
        pageEncoding="GB18030"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml"
          xmlns:f="http://java.sun.com/jsf/core"
          xmlns:h="http://java.sun.com/jsf/html">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=GB18030" />
    <title>Login Page</title>
    </head>
    <body>
    <%-- The container handles the POST to j_security_check itself --%>
    <form method="post"
          action='<%=response.encodeURL("j_security_check")%>'>
      <table border="0" cellspacing="5">
        <tr>
          <th align="right">Username:</th>
          <td align="left"><input type="text" name="j_username"/></td>
        </tr>
        <tr>
          <th align="right">Password:</th>
          <td align="left"><input type="password" name="j_password"/></td>
        </tr>
        <tr>
          <td align="right"><input type="submit" value="Log In"/></td>
          <td align="left"><input type="reset"/></td>
        </tr>
      </table>
    </form>
    </body>
    </html>

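That is all. When a protected resource specified by a <web-resource-collection/> is accessed, the user is first redirected to the login page; if login fails, the user is sent to the error page; if login succeeds, the page requested before login is served.
Note: with the Tomcat integrated into Eclipse, authentication always fails; you must start the installed Tomcat with bin/start.bat.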
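
A small audit of the security constraints in a web.xml like the one above, as an added example that is not part of the original post. The function names and the four checks are choices made for this example: every role used in an <auth-constraint> is declared, a <transport-guarantee> is set so the j_password POST is not accepted over plain HTTP, no <http-method> narrows the constraint, and the login and error pages sit outside the protected patterns.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}
# Constructed sample: a reduced copy of the web.xml shown above (admin constraint only).
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/views/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/views/common/login.jsp</form-login-page>
      <form-error-page>/views/common/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def covers(pattern, path):
    """Simplified servlet url-pattern match: '/prefix/*', '*.ext' or exact path."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return path.endswith(pattern[1:]) if pattern.startswith("*.") else pattern == path

def audit(xml_text):
    """Return a list of findings for the security constraints in a web.xml string."""
    root, out = ET.fromstring(xml_text), []
    declared = {r.text.strip() for r in root.findall("j:security-role/j:role-name", NS)}
    pages = [p.text.strip() for p in root.findall("j:login-config/j:form-login-config/*", NS)]
    for sc in root.findall("j:security-constraint", NS):
        name = sc.findtext("j:web-resource-collection/j:web-resource-name", "?", NS).strip()
        for role in (r.text.strip() for r in sc.findall("j:auth-constraint/j:role-name", NS)):
            if role != "*" and role not in declared:
                out.append(f"{name}: role {role} has no <security-role> declaration")
        guarantee = sc.findtext("j:user-data-constraint/j:transport-guarantee", "NONE", NS)
        if guarantee.strip() == "NONE":
            out.append(f"{name}: no transport-guarantee, HTTPS is not enforced")
        if sc.find("j:web-resource-collection/j:http-method", NS) is not None:
            out.append(f"{name}: http-method listed, other methods are not constrained")
        for pat in (p.text.strip() for p in sc.findall("j:web-resource-collection/j:url-pattern", NS)):
            out += [f"{name}: {pat} also covers form page {pg}" for pg in pages if covers(pat, pg)]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports only the missing transport guarantee; adding a <user-data-constraint> with <transport-guarantee>CONFIDENTIAL</transport-guarantee> to the constraint clears it.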