-1

我正在尝试按照 David Heffelfinger 的书“使用 NetBeans 6 进行 Java EE 5 开发:使用这个流行的 IDE 快速轻松地开发专业的企业 Java EE 5 应用程序”的第 2 章中的描述构建一个安全的 Web 应用程序。在执行最后一步(GlassFish 特定安全配置)时,我尝试运行该程序。我收到以下错误消息:

deploy?DEFAULT=/home/bjorn/NetBeansProjects/securewebapp/build/web&name=securewebapp&contextroot=/securewebapp&force=true failed on GlassFish Server 3+ 
 Error occurred during deployment: Exception while deploying the app [securewebapp] : org.xml.sax.SAXParseException; lineNumber: 28; columnNumber: 57; Deployment descriptor file WEB-INF/web.xml in archive [web].  cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.. Please see server.log for more details.
/home/bjorn/NetBeansProjects/securewebapp/nbproject/build-impl.xml:1033: The module has not been deployed.
See the server log for details.
BUILD FAILED (total time: 2 seconds)

日志文件显示:

SEVERE: DPL8015: Invalid Deployment Descriptors in Deployment descriptor file WEB-INF/web.xml in archive [web]. 
Line 28 Column 57 -- cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
SEVERE: DPL8005: Deployment Descriptor parsing failure : cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
SEVERE: Exception while deploying the app [securewebapp]
SEVERE: org.xml.sax.SAXParseException; lineNumber: 28; columnNumber: 57; Deployment descriptor file WEB-INF/web.xml in archive [web].  cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.

有人知道如何使安全的 Web 应用程序正常工作吗?

编辑:

文件 web.xml 包含:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <servlet>
        <servlet-name>SecureServlet</servlet-name>
        <servlet-class>SecureServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>SecureServlet</servlet-name>
        <url-pattern>/SecureServlet</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <security-constraint>
        <display-name>Admin Pages</display-name>
        <web-resource-collection>
            <web-resource-name>Administrative Pages</web-resource-name>
            <description/>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>file</realm-name>
        <form-login-config>
            <form-login-page>index.jsp</form-login-page>
            <form-error-page>errorpage.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Administrator</description>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <description>User</description>
        <role-name>user</role-name>
    </security-role>
</web-app>
4

1 回答 1

0

更改<login-config>并放入/文件路径。

<form-login-config>
    <form-login-page>/index.jsp</form-login-page>
    <form-error-page>/errorpage.jsp</form-error-page>
</form-login-config>


编辑基于 JAAS 表单的身份验证如何工作?

基于表单的身份验证的工作方式是,用户首先尝试从可公开访问的资源文件(如 index.jsp 或 home.jsp)访问受保护的资源(如 /admin/admin.jsp),如果未经身份验证的资源将被重定向到<form-login-page>(如 login.jsp)。

此时容器已保存用户尝试访问的受保护资源的 URL,如果身份验证成功,则会自动重定向到该 URL。如果身份验证失败,您已经知道的用户将被重定向到<form-error-page>.

因此,我建议您将 index.jsp 重命名为 login.jsp 并创建一个带有指向 /admin/admin.jsp 链接的新 index.jsp。您也可以尝试直接访问 admin.jsp。然后它将按您的意愿工作。

于 2013-04-29T15:36:53.610 回答