4

我的 Web 应用程序遇到了这个问题,我正在通过 Tomcat 执行基于表单的身份验证,它会将我重定向到徽标图像文件,而不是重定向到包含该徽标图像的 index.html 文件...

我要去:

http://localhost:8080/GenTreeUploader/Servlet

然后它给了我登录表单,成功登录后,我不在我要去的那个 url 中,但我被重定向到:

http://localhost:8080/GenTreeUploader/images/gdia_logo.png

在我通过身份验证后,我去:

http://localhost:8080/GenTreeUploader/Servlet

然后我被重定向到正确的位置而不是图像文件。

我附上了我的 web.xml 文件:

    <?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <!-- WELCOME FILE LIST -->
    <welcome-file-list>
        <welcome-file>/Servlet</welcome-file>
    </welcome-file-list>

    <!-- Security -->

    <security-constraint>

        <web-resource-collection>
            <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>tomcat</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.html</form-error-page>
        </form-login-config>
    </login-config>

     <!-- Main Servlet -->
    <servlet>
        <servlet-name>GenTreeUploaderServlet</servlet-name>
        <servlet-class>org.ktu.gdia.presentation.web.GenTreeUploader</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>GenTreeUploaderServlet</servlet-name>
        <url-pattern>/Servlet</url-pattern>
    </servlet-mapping>


    <session-config>
        <session-timeout>
            60
        </session-timeout>
    </session-config>
</web-app>

好?任何想法为什么它不能按预期工作?提前致谢。

4

1 回答 1

5

重定向实际上正在发生,因为登录文件中请求的那些资源实际上受到了保护,因为我选择了整个路径作为安全资源:

<web-resource-collection>
        <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

因此,我创建了一个名为“Admin”的新文件夹,并将需要保护的文件移到那里,并修改了 servlet 的路径。这是我当前(固定)web.xml 的样子:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <!-- WELCOME FILE LIST -->
    <welcome-file-list>
        <welcome-file>Admin/Servlet</welcome-file>
    </welcome-file-list>

    <!-- Security -->

    <security-constraint>

        <web-resource-collection>
            <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
            <url-pattern>/Admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.html</form-error-page>
        </form-login-config>
    </login-config>

     <!-- Main Servlet -->
    <servlet>
        <servlet-name>GenTreeUploaderServlet</servlet-name>
        <servlet-class>org.ktu.gdia.presentation.web.GenTreeUploader</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>GenTreeUploaderServlet</servlet-name>
        <url-pattern>/Admin/Servlet</url-pattern>
    </servlet-mapping>


    <session-config>
        <session-timeout>
            60
        </session-timeout>
    </session-config>
</web-app>

所以现在 Tomcat 不会在我登录后将我重定向到图像或 css 文件,因为现在任何人都可以在没有身份验证的情况下访问它们。

于 2013-05-23T03:00:27.883 回答