请教jive jaas的问题?

LoginServlet中,登录验证中有这样一段


String route = request.getContextPath()+ "/j_security_check?j_username=" + username+ "&j_password="+ password;

Debug.logVerbose("[JdonFramework] forward " + route, module);
response.sendRedirect(response.encodeRedirectURL(route));

请问banq,真正调用loginModule进行登录验证的是在j_security_check中吗?
j_security_check是什么东西?为什么所有配置文件中都没有发现?

j_security_check的action路径会被容器截获,然后调用JAAS,你要配置的只是web.xml,把验证交给容器。


	<security-constraint>
		<display-name>admin security</display-name>
		<web-resource-collection>
			<web-resource-name>Admin input</web-resource-name>
			<url-pattern>/admin/*</url-pattern>
		</web-resource-collection>
		<web-resource-collection>
			<web-resource-name>forum admin</web-resource-name>
			<url-pattern>/forum/admin/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>Admin</role-name>
		</auth-constraint>
	</security-constraint>
	<security-constraint>
		<display-name>User security</display-name>
		<web-resource-collection>
			<web-resource-name>User post</web-resource-name>
			<url-pattern>/message/*</url-pattern>
		</web-resource-collection>
		<web-resource-collection>
			<web-resource-name>User post</web-resource-name>
			<url-pattern>/account/protected/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>User</role-name>
			<role-name>Admin</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/jasslogin</form-login-page>
			<form-error-page>/account/login/login_error.jsp</form-error-page>
		</form-login-config>
	</login-config>
	<security-role>
		<description>administrator</description>
		<role-name>Admin</role-name>
	</security-role>
	<security-role>
		<description>register user</description>
		<role-name>User</role-name>
	</security-role>

[该贴被oojdon于2009-06-03 23:20修改过]