為tomcat頁面設置訪問權限

　　在web應用中對頁面的訪問控制通常通過程序來控制流程為登錄 > 設置session > 訪問受限頁面時檢查session是否存在如果不存在禁止訪問

　　對於較小型的web應用可以通過tomcat內置的訪問控制機制來實現權限控制采用這種機制的好處是程序中無需進行權限控制完全通過對tomcat的配置即可完成訪問控制

　　為了在tomcat頁面設置訪問權限控制在項目的WEBINFO/webxml文件中進行如下設置

　　<web<fp class='fp-6xf8m'></fp>app> <!<fp class='fp-o66t6'></fp><fp class='fp-o66t6'></fp>servlet等其他配置<fp class='fp-6xf8m'></fp><fp class='fp-528d3'></fp>> <security<fp class='fp-6xf8m'></fp>constraint> <web<fp class='fp-528d3'></fp>resource<fp class='fp-l6slo'></fp>collection> <display<fp class='fp-6xf8m'></fp>name>Example Security Constraint</display<fp class='fp-o66t6'></fp>name> <web<fp class='fp-6xf8m'></fp>resource<fp class='fp-528d3'></fp>name>My Test</web<fp class='fp-6xf8m'></fp>resource<fp class='fp-o66t6'></fp>name> <url<fp class='fp-o66t6'></fp>pattern>/ddly/admin/*</url<fp class='fp-6xf8m'></fp>pattern> </web<fp class='fp-528d3'></fp>resource<fp class='fp-l6slo'></fp>collection> <auth<fp class='fp-6xf8m'></fp>constraint> <role<fp class='fp-l6slo'></fp>name>role<fp class='fp-jn4nz'></fp></role<fp class='fp-6xf8m'></fp>name> <role<fp class='fp-o66t6'></fp>name>tomcat</role<fp class='fp-528d3'></fp>name> </auth<fp class='fp-o66t6'></fp>constraint> </security<fp class='fp-6xf8m'></fp>constraint> <login<fp class='fp-l6slo'></fp>config> <auth<fp class='fp-6xf8m'></fp>method>BASIC</auth<fp class='fp-528d3'></fp>method> <realm<fp class='fp-6xf8m'></fp>name>My Test</realm<fp class='fp-528d3'></fp>name> </login<fp class='fp-6xf8m'></fp>config> </web<fp class='fp-528d3'></fp>app>

　　其中<urlpattern>中指定受限的url可以使用通配符*通常對整個目錄進行訪問權限控制

　　<authconstraint>中指定哪些角色可以訪問<urlpattern>指定的url在<rolename>中可以設置一個或多個角色名

　　使用的角色名來自tomcat的配置文件${CATALINA_HOME}/conf/tomcatusersxml

　　<loginconfig>中設置登錄方式<authmethod>的取值為BASIC或FORM如果為BASIC浏覽器在需要登錄時彈出一個登錄窗口如果為FORM方式需要指定登錄頁面和登錄失敗時的提示信息顯示頁面

　　使用FORM方式的配置樣例如下

　　<login<fp class='fp-o66t6'></fp>config> <auth<fp class='fp-o66t6'></fp>method>FORM</auth<fp class='fp-l6slo'></fp>method> <realm<fp class='fp-528d3'></fp>name>Example Form<fp class='fp-6xf8m'></fp>Based Authentication Area</realm<fp class='fp-528d3'></fp>name> <form<fp class='fp-6xf8m'></fp>login<fp class='fp-528d3'></fp>config> <form<fp class='fp-6xf8m'></fp>login<fp class='fp-528d3'></fp>page>/login<fp class='fp-izolt'></fp>jsp</form<fp class='fp-6xf8m'></fp>login<fp class='fp-528d3'></fp>page> <form<fp class='fp-o66t6'></fp>error<fp class='fp-o66t6'></fp>page>/error<fp class='fp-bxyix'></fp>jsp</form<fp class='fp-6xf8m'></fp>error<fp class='fp-528d3'></fp>page> </form<fp class='fp-528d3'></fp>login<fp class='fp-6xf8m'></fp>config> </login<fp class='fp-l6slo'></fp>config>

　　其中的<formloginpage>指定登錄頁面url<formerrorpage>指定登錄失敗時的提示頁面url登錄頁面中form的action以及其中的用戶名和密碼兩個參數的名稱都應取固定的值登錄的後台處理程序為j_security_check用戶名和密碼的參數名稱分別為j_username和j_password如下是登錄頁面（如loginjsp）的一段示例代碼

　　<form method=<fp class='fp-v153p'></fp>POST<fp class='fp-v153p'></fp> action=<fp class='fp-7lwas'></fp><%= response<fp class='fp-bxyix'></fp>encodeURL(<fp class='fp-6lo53'></fp>j_security_check<fp class='fp-lu1j6'></fp>) %><fp class='fp-7yc6r'></fp> > <table border=<fp class='fp-gnrgh'></fp><fp class='fp-oueqo'></fp><fp class='fp-v153p'></fp> cellspacing=<fp class='fp-lu1j6'></fp><fp class='fp-esbga'></fp><fp class='fp-lu1j6'></fp>> <tr> <th align=<fp class='fp-lu1j6'></fp>right<fp class='fp-6lo53'></fp>>Username:</th> <td align=<fp class='fp-6lo53'></fp>left<fp class='fp-v153p'></fp>><input type=<fp class='fp-v153p'></fp>text<fp class='fp-lu1j6'></fp> name=<fp class='fp-gnrgh'></fp>j_username<fp class='fp-lu1j6'></fp>></td> </tr> <tr> <th align=<fp class='fp-gnrgh'></fp>right<fp class='fp-gnrgh'></fp>>Password:</th> <td align=<fp class='fp-gnrgh'></fp>left<fp class='fp-6lo53'></fp>><input type=<fp class='fp-lu1j6'></fp>password<fp class='fp-lu1j6'></fp> name=<fp class='fp-v153p'></fp>j_password<fp class='fp-gnrgh'></fp>></td> </tr> <tr> <td align=<fp class='fp-lu1j6'></fp>right<fp class='fp-lu1j6'></fp>><input type=<fp class='fp-6lo53'></fp>submit<fp class='fp-6lo53'></fp> value=<fp class='fp-v153p'></fp>Log In<fp class='fp-lu1j6'></fp>></td> <td align=<fp class='fp-v153p'></fp>left<fp class='fp-gnrgh'></fp>><input type=<fp class='fp-6lo53'></fp>reset<fp class='fp-lu1j6'></fp>></td> </tr> </table> </form>

From:http://tw.wingwit.com/Article/program/Java/ky/201311/28097.html