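I have a Java webapp. The webapp is packaged as a WAR file. These WAR files allow static content that is delivered directly over HTTP. For the servlets in this WAR I can do HTTP authentication (implemented in the servlet itself). But I also want HTTP auth for the static content. How can I achieve this?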
Viewed 436 times
2 answers
3
Put your static HTML files in a directory and define your security constraints in your web.xml. Map the constraints to the appropriate roles.
<security-constraint>
  <display-name>securedResources</display-name>
  <web-resource-collection>
    <web-resource-name>securedRes</web-resource-name>
    <url-pattern>/secured/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <http-method>HEAD</http-method>
    <http-method>TRACE</http-method>
    <http-method>POST</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>authenticatedUser_securedRes</description>
    <role-name>authenticatedUsed</role-name>
  </auth-constraint>
</security-constraint>
answered 2009-05-05T16:04:30.073
2
Create a class that implements javax.servlet.Filter. See The Essentials of Filters.
The main method is doFilter, which is passed the ServletRequest, ServletResponse and FilterChain objects. That's where you enforce authentication.
Then declare your filter in web.xml and a filter mapping as follows (maps to every request):
<filter>
  <filter-name>Authentication Filter</filter-name>
  <filter-class>com.nfsdsystems.security.filters.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
answered 2009-05-05T15:18:40.120