6

我已经坚持了一段时间了。我正在尝试访问我使用 HttpClient 和 Tomcat 7 实现的 ContainerServlet。我不断收到错误消息“Restricted(ContainerServlet)”。我添加了基本身份验证并尝试像内置的主机管理器应用程序一样设置它,但没有运气。

我的 HostManagerServlet 以:

public class HostManagerServlet
extends HttpServlet implements ContainerServlet {...

我的 web.xml 包含:

<servlet>
            <servlet-name>virtualHostCreator</servlet-name>
            <servlet-class>com.eatmyfish.servlets.HostManagerServlet</servlet-class>
          </servlet>
          <servlet-mapping>
            <servlet-name>virtualHostCreator</servlet-name>
            <url-pattern>/virtualhostcreator/*</url-pattern>
          </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>HostManager commands</web-resource-name>
          <url-pattern>/virtualhostcreator/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
           <!-- NOTE:  This role is not present in the default users file -->
           <role-name>admin-script</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>HTMLHostManager commands</web-resource-name>
          <url-pattern>/virtualhostcreator/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
           <!-- NOTE:  This role is not present in the default users file -->
           <role-name>admin-gui</role-name>
        </auth-constraint>
      </security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
<security-role>
    <description>
      The role that is required to log in to the Host Manager Application HTML
      interface
    </description>
    <role-name>admin-gui</role-name>
  </security-role>
  <security-role>
    <description>
      The role that is required to log in to the Host Manager Application text
      interface
    </description>
    <role-name>admin-script</role-name>
  </security-role>

我的 tomcat-users.xml 包含:

.
.
.
<role rolename="admin-gui"/>
  <role rolename="admin-script"/>
  <role rolename="manager-gui"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat,admin-gui,admin-script,manager-gui"/>
.
.
.

进行 HttpClient 调用的代码(我尝试了几种不同的方法):

方法一 -

String url = environment.getProperty("baseurl");
        url += "virtualhostcreator/createVirualHost?name="+group.getGroupName();
        HttpClient httpclient = new DefaultHttpClient();

        HttpGet httpget = new HttpGet(url);
        httpget.addHeader(BasicScheme.authenticate(
                 new UsernamePasswordCredentials("tomcat", "tomcat"),
                 "UTF-8", false));
        HttpResponse response = httpclient.execute(httpget);

方法二 -

String url = environment.getProperty("baseurl");
        url += "virtualhostcreator/createVirualHost?name="+group.getGroupName();
        DefaultHttpClient httpclient = new DefaultHttpClient();
        httpclient.getCredentialsProvider().setCredentials(
                new AuthScope("localhost", 8080),
                new UsernamePasswordCredentials("tomcat", "tomcat"));
        // Create AuthCache instance
        AuthCache authCache = new BasicAuthCache();
        // Generate BASIC scheme object and add it to the local
        // auth cache
        HttpHost targetHost = new HttpHost("localhost", 8080, "http");
        BasicScheme basicAuth = new BasicScheme();
        authCache.put(targetHost, basicAuth);

        // Add AuthCache to the execution context
        BasicHttpContext localcontext = new BasicHttpContext();
        localcontext.setAttribute("http.auth.auth-cache", authCache);

        HttpGet httpget = new HttpGet(url);

        HttpResponse response = httpclient.execute(targetHost, httpget,localcontext);

错误的堆栈跟踪:

SEVERE: Allocate exception for servlet virtualHostCreator
java.lang.SecurityException: Restricted (ContainerServlet) class com.eatmyfish.servlets.HostManagerServlet
    at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:536)
    at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:509)
    at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:124)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1136)
    at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:857)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:135)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)

任何想法我做错了什么?我无法通过 Restricted(ContainerServlet) 错误。

4

2 回答 2

21

我在 Tomcat 7 中遇到了类似的问题,并且能够通过编辑顶级元素./conf/context.xml使其看起来像

<Context privileged="true">

我想不通的是 Tomcat 自己的管理器 servlet 是如何在没有这种配置的情况下加载的。有人有任何线索吗?

于 2012-09-25T00:39:58.170 回答
2

我找到了答案。我需要在 server.xml 内的主机上下文中设置 privileged=true

于 2012-05-27T01:04:21.857 回答