
Switching between two <security-constraint> elements configured in one application

2019-12-04 13:30:11 Source: 励志吧


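As the title says: while working on an example based on FORM authentication, suppose I have two roles, manage and manager1, and I configure two <security-constraint> elements in web.xml, as follows: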

XML code

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

  <welcome-file-list>
    <welcome-file>/index.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area2</web-resource-name>
      <url-pattern>/index2.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager2</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The default login configuration uses form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/jsp/login.jsp</form-login-page>
      <form-error-page>/jsp/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>manager</role-name>
  </security-role>

  <security-role>
    <role-name>manager2</role-name>
  </security-role>

</web-app>

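I want index.jsp to be accessible only to the manager role and index2.jsp only to the manager2 role, and index.jsp and index2.jsp each have a link for switching to the other.

The problem is as follows:

The first time I open http://localhost:8080/FORMAuthenticationDemo/index.jsp in the browser, I am sent to /jsp/login.jsp and prompted for a username/password. After I enter them correctly, I reach index.jsp. I then click the link button on the page, hoping to get to index2.jsp, but after clicking the link the login.jsp page does not appear; instead an "HTTP Status 403 - Access to the requested resource has been denied" error is thrown directly.

When I click the link on index.jsp to go to index2.jsp, I would like to be sent to /jsp/login.jsp so that I can enter the username and password of a user who has the manager2 role. How can this be done?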

Just replace the 403 error page with the login page.

<error-page>
  <error-code>403</error-code>
  <location>/sorry.htm</location>
</error-page>

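It is probably that when manager2 tries to access index1, the container finds that the security requirement for index1 in the security-constraint does not allow manager2 to access it; index1 can only be accessed by manager1, so the request is forbidden. This kind of mutual access can only be decided in the page's code; security-constraint cannot be used for it.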
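
Added example, not code from the thread: the first reply's 403 <error-page> pointed at a small servlet instead of a static page, which is where the "decide it in code" step from the last reply can live. It ends the current login and sends the browser back to the denied URL, so the container's FORM login shows /jsp/login.jsp again. The class name ReloginOn403Servlet and the path /relogin are assumptions.

```java
// Added example. Assumed names: ReloginOn403Servlet, /relogin.
// web.xml wiring (replaces /sorry.htm as the 403 location):
//   <servlet><servlet-name>relogin</servlet-name>
//     <servlet-class>ReloginOn403Servlet</servlet-class></servlet>
//   <servlet-mapping><servlet-name>relogin</servlet-name>
//     <url-pattern>/relogin</url-pattern></servlet-mapping>
//   <error-page><error-code>403</error-code><location>/relogin</location></error-page>
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class ReloginOn403Servlet extends HttpServlet {

    // service() is overridden so the error dispatch is handled for any HTTP method.
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Set by the container when it dispatches to an <error-page>.
        String denied = (String) req.getAttribute("javax.servlet.error.request_uri");
        if (denied == null) {                 // requested directly, not as an error page
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        if (req.getRemoteUser() == null) {
            // Denied without a login (for example an empty <auth-constraint>):
            // redirecting would loop forever, so keep the 403.
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
            resp.setContentType("text/plain");
            resp.getWriter().println("403 - access denied");
            return;
        }
        // Only redirect back into this application; anything else goes to its root.
        String home = req.getContextPath() + "/";
        boolean sameApp = denied.startsWith(home) && !denied.startsWith("//")
                && denied.indexOf('\\') < 0;
        String target = sameApp ? denied : home;

        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();             // drops the cached FORM login
        }
        // The browser re-requests the protected page without a login, so the
        // container presents the login form and returns to the page afterwards.
        resp.sendRedirect(target);
    }
}
```

With this in place any denied request ends the current session, so following a link to a page the user has no role for logs them out of the first account. The query string of the denied request is not carried over.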
