A question about Jive JAAS

deyami 09-06-03

In LoginServlet, the login verification contains this section:


String route = request.getContextPath() + "/j_security_check?j_username=" + username + "&j_password=" + password;

Debug.logVerbose("[JdonFramework] forward " + route, module);
response.sendRedirect(response.encodeRedirectURL(route));


banq, is it in j_security_check that the loginModule is actually called to perform the login verification?
What is j_security_check? Why can't I find it in any of the configuration files?

1
oojdon
2009-06-03 23:18

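The j_security_check action path is intercepted by the container, which then calls JAAS. All you need to configure is web.xml, handing the authentication over to the container.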


<security-constraint>
  <display-name>admin security</display-name>
  <web-resource-collection>
    <web-resource-name>Admin input</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>forum admin</web-resource-name>
    <url-pattern>/forum/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <display-name>User security</display-name>
  <web-resource-collection>
    <web-resource-name>User post</web-resource-name>
    <url-pattern>/message/*</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>User post</web-resource-name>
    <url-pattern>/account/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>User</role-name>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/jasslogin</form-login-page>
    <form-error-page>/account/login/login_error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>administrator</description>
  <role-name>Admin</role-name>
</security-role>
<security-role>
  <description>register user</description>
  <role-name>User</role-name>
</security-role>

[This post was edited by oojdon on 2009-06-03 23:20]
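An added example, not part of the thread and not Jive or JdonFramework code: a small audit of the kind of web.xml shown above, listing which URL patterns the container protects for which roles and flagging patterns without a CONFIDENTIAL transport guarantee, since FORM login sends j_username and j_password to j_security_check. The function name `audit_web_xml`, the `Editor` role and the `user-data-constraint` in the sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed web.xml using the same elements as the post above.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin input</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User post</web-resource-name>
      <url-pattern>/message/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>User</role-name><role-name>Editor</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>Admin</role-name></security-role>
  <security-role><role-name>User</role-name></security-role>
</web-app>"""

def audit_web_xml(xml_text):
    """Return (rules, findings); rules are (url_pattern, roles, transport_guarantee)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    rules, findings = [], []
    for sc in root.findall("security-constraint"):
        patterns = [p.text.strip() for p in sc.findall("web-resource-collection/url-pattern")]
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name")]
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        for p in patterns:
            rules.append((p, roles, tg))
            if tg != "CONFIDENTIAL":            # container is not asked to require HTTPS here
                findings.append(f"{p}: no CONFIDENTIAL transport guarantee")
        for role in roles:                      # "*" means any role and needs no declaration
            if role != "*" and role not in declared:
                findings.append(f"role {role!r} used but not declared in <security-role>")
    return rules, findings

if __name__ == "__main__":
    for line in audit_web_xml(SAMPLE_WEB_XML)[1]:
        print(line)
```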