我在Tomcat 7中有一個需要利用基於表單的安全性的webapp設置。此webapp還使用org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
來重寫URL。UrlRewriteFilter重定向到具有FORM身份驗證的錯誤login.html頁面
僅供參考,這裏的web.xml
文件的相關部分在我webapps/.../WEB-INF
目錄:
<security-role>
<role-name>foo.pr</role-name>
</security-role>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>all.foo</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Authentication</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<init-param>
<param-name>confReloadCheckInterval</param-name>
<param-value>60</param-value> <!-- -1, 0, or something like 60 -->
</init-param>
<init-param>
<param-name>logLevel</param-name>
<param-value>INFO</param-value>
</init-param>
<init-param>
<param-name>statusEnabledOnHosts</param-name>
<param-value>localhost, 192.168.188.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
當我嘗試訪問的Web應用程序,安全性旁路,login.html
文件是通過UrlRewriteFilter
通過。我不想要這種行爲;我希望它獲得webapps/ROOT
中的login.html
文件。
對此的任何指導將非常感激。我可能會誤解一些根本性的東西。如果您需要查看其他文件,請告訴我。
在此先感謝!