请教jive jaas的问题? 09-06-03 deyami LoginServlet中,登录验证中有这样一段 String route = request.getContextPath()+ "/j_security_check?j_username=" + username+ "&j_password="+ password;Debug.logVerbose("[JdonFramework] forward " + route, module);response.sendRedirect(response.encodeRedirectURL(route)); 请问banq,真正调用loginModule进行登录验证的是在j_security_check中吗?j_security_check是什么东西?为什么所有配置文件中都没有发现?
oojdon 2009-06-03 23:18 j_security_check的action路径会被容器截获,然后调用JAAS,你要配置的只是web.xml,把验证交给容器。 <security-constraint> <display-name>admin security</display-name> <web-resource-collection> <web-resource-name>Admin input</web-resource-name> <url-pattern>/admin/*</url-pattern> </web-resource-collection> <web-resource-collection> <web-resource-name>forum admin</web-resource-name> <url-pattern>/forum/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <display-name>User security</display-name> <web-resource-collection> <web-resource-name>User post</web-resource-name> <url-pattern>/message/*</url-pattern> </web-resource-collection> <web-resource-collection> <web-resource-name>User post</web-resource-name> <url-pattern>/account/protected/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>User</role-name> <role-name>Admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/jasslogin</form-login-page> <form-error-page>/account/login/login_error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description>administrator</description> <role-name>Admin</role-name> </security-role> <security-role> <description>register user</description> <role-name>User</role-name> </security-role>[该贴被oojdon于2009-06-03 23:20修改过]