当我正确验证时,HTTP 禁止我访问指定资源 - JavaEE
HTTP forbids me to access to a specified resource when I authenticate correctly - JavaEE
我正在尝试使用 NetBeans (IDE)、GlassFish 4.1.0(网络服务器)和 MySql 5.7.11(数据库服务器)开发 JavaEE 7.0 网络应用程序。我的操作系统是 Windows 8.1.
我想建立一个非常基本的身份验证系统。用户输入数据库中已经输入的用户名和密码,如果正确,他将能够访问名为 index.jsp 的网页。
因此,为了开发这个认证系统,我按照以下方式进行:
1- 在 GlassFish 管理控制台 中,我转到了“security/Realms/file”window 和添加用户名:"john" 和密码:"azerty"。 "john"所属的组列表名为"cemsAdmin":
2- 在 "security" 常规 window 中,我启用了 默认主体到角色映射 选项:
3- 在我的 NetBeans Web 应用程序项目中,我在 web.xml 文档中编写了以下代码:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<jsp-config>
<jsp-property-group>
<description>JSP configuration for the admin console</description>
<url-pattern>/admin/index.jsp</url-pattern>
</jsp-property-group>
<jsp-property-group>
<description>JSP configuration for the store front</description>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/WEB-INF/view/*</url-pattern>
</jsp-property-group>
</jsp-config>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/admin/login.jsp</form-login-page>
<form-error-page>/admin/error.jsp</form-error-page>
</form-login-config>
</login-config>
<resource-ref>
<description>Connect to the cems database</description>
<res-ref-name>jdbc/cems</res-ref-name>
<res-type>javax.sql.ConnectionPoolDataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
3- 在我的 NetBeans Web 应用程序项目中,我在 AdminServlet 文件中编写了以下代码:
@WebServlet(name = "AdminServlet", urlPatterns = {"/admin/","/admin/logout"})
@ServletSecurity( @HttpConstraint(rolesAllowed = {"cemsAdmin"}) )
public class AdminServlet extends HttpServlet {
private String userPath;
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
userPath = request.getServletPath();
System.out.println("The user path is:"+userPath);
HttpSession session = request.getSession(true);
// use RequestDispatcher to forward request internally
userPath = "/admin/index.jsp";
try {
request.getRequestDispatcher(userPath).forward(request, response);
} catch (Exception ex) {
ex.printStackTrace();
}
}
当我运行全部代码得到如下网页:
因此,我输入用户名 "john" 和密码 "azerty" 并且我有以下 HTTP错误:
真不知道怎么回事。你能帮帮我吗?
非常感谢您的帮助。
您需要在 web.xml 中添加安全约束。
像这样:
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>rr</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>RoleOne</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description/>
<role-name>RoleOne</role-name>
</security-role>
您还缺少安全角色定义。
我正在尝试使用 NetBeans (IDE)、GlassFish 4.1.0(网络服务器)和 MySql 5.7.11(数据库服务器)开发 JavaEE 7.0 网络应用程序。我的操作系统是 Windows 8.1.
我想建立一个非常基本的身份验证系统。用户输入数据库中已经输入的用户名和密码,如果正确,他将能够访问名为 index.jsp 的网页。 因此,为了开发这个认证系统,我按照以下方式进行:
1- 在 GlassFish 管理控制台 中,我转到了“security/Realms/file”window 和添加用户名:"john" 和密码:"azerty"。 "john"所属的组列表名为"cemsAdmin":
2- 在 "security" 常规 window 中,我启用了 默认主体到角色映射 选项:
3- 在我的 NetBeans Web 应用程序项目中,我在 web.xml 文档中编写了以下代码:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<jsp-config>
<jsp-property-group>
<description>JSP configuration for the admin console</description>
<url-pattern>/admin/index.jsp</url-pattern>
</jsp-property-group>
<jsp-property-group>
<description>JSP configuration for the store front</description>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/WEB-INF/view/*</url-pattern>
</jsp-property-group>
</jsp-config>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/admin/login.jsp</form-login-page>
<form-error-page>/admin/error.jsp</form-error-page>
</form-login-config>
</login-config>
<resource-ref>
<description>Connect to the cems database</description>
<res-ref-name>jdbc/cems</res-ref-name>
<res-type>javax.sql.ConnectionPoolDataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
3- 在我的 NetBeans Web 应用程序项目中,我在 AdminServlet 文件中编写了以下代码:
@WebServlet(name = "AdminServlet", urlPatterns = {"/admin/","/admin/logout"})
@ServletSecurity( @HttpConstraint(rolesAllowed = {"cemsAdmin"}) )
public class AdminServlet extends HttpServlet {
private String userPath;
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
userPath = request.getServletPath();
System.out.println("The user path is:"+userPath);
HttpSession session = request.getSession(true);
// use RequestDispatcher to forward request internally
userPath = "/admin/index.jsp";
try {
request.getRequestDispatcher(userPath).forward(request, response);
} catch (Exception ex) {
ex.printStackTrace();
}
}
当我运行全部代码得到如下网页:
因此,我输入用户名 "john" 和密码 "azerty" 并且我有以下 HTTP错误:
真不知道怎么回事。你能帮帮我吗?
非常感谢您的帮助。
您需要在 web.xml 中添加安全约束。 像这样:
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>rr</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>RoleOne</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description/>
<role-name>RoleOne</role-name>
</security-role>
您还缺少安全角色定义。