NetBeans Tomcat Jsp mysql 表单登录和会话
NetBeans Tomcat Jsp mysql forms login and session
我在 Tomcat 8.0.15、MySql(使用 Jconnector)、Servlet/Jsp 上有一个 NetBeans Web 项目。
我需要安全登录!!!
有一个登录页面。登录成功后,如果是 admin,servlet 会重定向到管理页面,如果用户名是 standardUser,servlet 会重定向到主页。
目前没有任何效果。该页面未被 servlet 重定向,在提交按钮上按下 error.html 出现并显示 response.getStatus() 是 0!!!
我测试了(没有登录)servlet username/password 检查数据库并且它有效。
所以这是我的代码文件:
login.jsp:
<form id="loginForm" method="POST" action="j_security_check">
<input name="j_username" id="j_username" type="email" value="test.admin@test.com"></input>
<input name="j_password" id="j_password" type="password" value="test"></input>
<input id="loginSubmit" type="submit" value="Login"></input></form>
web.xml:
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>ProjectP.Auth</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/j_servlet_check</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Login.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyDatabase</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/Error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Web Site Administrator</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>Stansard user</description>
<role-name>user</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProjectP</web-resource-name>
<url-pattern>/adminpages/*</url-pattern>
<url-pattern>/userpages/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProjectP</web-resource-name>
<url-pattern>/userpages/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<resource-ref>
<description>DB Connection</description>
<res-ref-name>MyDatabase</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
Context.xml:
<Context antiJARLocking="true" path="/ProjectP" allowCasualMultipartParsing="true" >
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
name="MyDatabase" type="javax.sql.DataSource"
connectionURL="jdbc:mysql://localhost:3306/mydatabase"
connectionName="root" connectionPassword="sa"
userTable="administrators" userNameCol="username" userCredCol="password"
userRoleTable="userroles" roleNameCol="role"
auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000"/>
</Context>
LoginServlet.java:
@WebServlet("/j_servlet_check/*")
@MultipartConfig
public class LoginServlet extends HttpServlet {
protected void doPost(HttpS .......
response.setContentType("text/html;charset=UTF-8"); //text/plain
if (checkLoginUser(request.getParameter("j_username"), password)) { //it works for sure, tested...
request.getSession().setAttribute( "username", username );
request.getRequestDispatcher("../admin/Administration.jsp").forward(request, response);
是否需要 context.xml - 领域?
那么,如何创建安全登录?
如何 j_security_check 连接到我的 MySql 数据库!? - 可能是登录后出现问题错误页面...?
在context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/myDBname" allowCasualMultipartParsing="true" >
<Realm className="org.apache.catalina.realm.CombinedRealm" >
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
name="myDBname" type="javax.sql.DataSource"
connectionURL="jdbc:mysql://localhost:3306/mydbname"
connectionName="root" connectionPassword="sasa"
userTable="administrators" userNameCol="Email" userCredCol="Password"
userRoleTable="administrators" roleNameCol="LoginRole"
auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000" digest="MD5"/>
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
name="myDBname" type="javax.sql.DataSource"
connectionURL="jdbc:mysql://localhost:3306/mydbname"
connectionName="root" connectionPassword="sasa"
userTable="users" userNameCol="Email" userCredCol="Password"
userRoleTable="users" roleNameCol="LoginRole"
auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000" digest="MD5"/>
</Realm>
</Context>
web.xml
<resource-ref>
<description>DB Connection</description>
<res-ref-name>myDBname</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myDBname</realm-name>
<form-login-config>
<form-login-page>/pages/Login.jsp</form-login-page>
<form-error-page>/pages/Error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Administrator</description>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>myDBname</web-resource-name>
<url-pattern>/pages/admin/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<welcome-file-list>
<welcome-file>pages/home.jsp</welcome-file>
</welcome-file-list>
复制了mysql-连接器-java-5.1.23-bin.jar到C:\程序Files\Apache软件Foundation\ApacheTomcat 8.0.15\lib
我还使用 <%= request.getContextPath() %> 将资源连接到页面
<link href="<%= request.getContextPath() %>/resources/styles/main.css" rel="stylesheet" type="text/css"/>
Java code 使用 MD5 哈希存储密码:
String passwordHash = org.apache.catalina.realm.RealmBase.Digest(password, "md5", "utf-8");
并将passwordHash写入数据库...
我在 Tomcat 8.0.15、MySql(使用 Jconnector)、Servlet/Jsp 上有一个 NetBeans Web 项目。 我需要安全登录!!!
有一个登录页面。登录成功后,如果是 admin,servlet 会重定向到管理页面,如果用户名是 standardUser,servlet 会重定向到主页。
目前没有任何效果。该页面未被 servlet 重定向,在提交按钮上按下 error.html 出现并显示 response.getStatus() 是 0!!! 我测试了(没有登录)servlet username/password 检查数据库并且它有效。
所以这是我的代码文件: login.jsp:
<form id="loginForm" method="POST" action="j_security_check">
<input name="j_username" id="j_username" type="email" value="test.admin@test.com"></input>
<input name="j_password" id="j_password" type="password" value="test"></input>
<input id="loginSubmit" type="submit" value="Login"></input></form>
web.xml:
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>ProjectP.Auth</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/j_servlet_check</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Login.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyDatabase</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/Error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Web Site Administrator</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>Stansard user</description>
<role-name>user</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProjectP</web-resource-name>
<url-pattern>/adminpages/*</url-pattern>
<url-pattern>/userpages/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>ProjectP</web-resource-name>
<url-pattern>/userpages/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<resource-ref>
<description>DB Connection</description>
<res-ref-name>MyDatabase</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
Context.xml:
<Context antiJARLocking="true" path="/ProjectP" allowCasualMultipartParsing="true" >
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
name="MyDatabase" type="javax.sql.DataSource"
connectionURL="jdbc:mysql://localhost:3306/mydatabase"
connectionName="root" connectionPassword="sa"
userTable="administrators" userNameCol="username" userCredCol="password"
userRoleTable="userroles" roleNameCol="role"
auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000"/>
</Context>
LoginServlet.java:
@WebServlet("/j_servlet_check/*")
@MultipartConfig
public class LoginServlet extends HttpServlet {
protected void doPost(HttpS .......
response.setContentType("text/html;charset=UTF-8"); //text/plain
if (checkLoginUser(request.getParameter("j_username"), password)) { //it works for sure, tested...
request.getSession().setAttribute( "username", username );
request.getRequestDispatcher("../admin/Administration.jsp").forward(request, response);
是否需要 context.xml - 领域?
那么,如何创建安全登录?
如何 j_security_check 连接到我的 MySql 数据库!? - 可能是登录后出现问题错误页面...?
在context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/myDBname" allowCasualMultipartParsing="true" >
<Realm className="org.apache.catalina.realm.CombinedRealm" >
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
name="myDBname" type="javax.sql.DataSource"
connectionURL="jdbc:mysql://localhost:3306/mydbname"
connectionName="root" connectionPassword="sasa"
userTable="administrators" userNameCol="Email" userCredCol="Password"
userRoleTable="administrators" roleNameCol="LoginRole"
auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000" digest="MD5"/>
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="com.mysql.jdbc.Driver"
name="myDBname" type="javax.sql.DataSource"
connectionURL="jdbc:mysql://localhost:3306/mydbname"
connectionName="root" connectionPassword="sasa"
userTable="users" userNameCol="Email" userCredCol="Password"
userRoleTable="users" roleNameCol="LoginRole"
auth="Container" maxTotal="100" maxIdle="30" maxWaitMillis="10000" digest="MD5"/>
</Realm>
</Context>
web.xml
<resource-ref>
<description>DB Connection</description>
<res-ref-name>myDBname</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myDBname</realm-name>
<form-login-config>
<form-login-page>/pages/Login.jsp</form-login-page>
<form-error-page>/pages/Error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Administrator</description>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>myDBname</web-resource-name>
<url-pattern>/pages/admin/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<welcome-file-list>
<welcome-file>pages/home.jsp</welcome-file>
</welcome-file-list>
复制了mysql-连接器-java-5.1.23-bin.jar到C:\程序Files\Apache软件Foundation\ApacheTomcat 8.0.15\lib
我还使用 <%= request.getContextPath() %> 将资源连接到页面
<link href="<%= request.getContextPath() %>/resources/styles/main.css" rel="stylesheet" type="text/css"/>
Java code 使用 MD5 哈希存储密码:
String passwordHash = org.apache.catalina.realm.RealmBase.Digest(password, "md5", "utf-8");
并将passwordHash写入数据库...