tomcat + JONAS(J2ee) + Struts(注:初级者)
J2ee有多种用户认证的方式
在web.xml的login-config小节里进行配置。
问题
1,用户认证必须经过login-config小节吗?能否可以像以前那样,(越过j2ee的认证机制)直接用jsp提交后,直接到数据库里认证查询,然后扔到session中?
2,我的login.jsp提交后,走到后台是什么个路线?为什么走不到LoginAction中去,就返回login.jsp页面了。没有任何错误提示。好像是和j2ee的认证有关,不知道从哪下手解决。望指教。
代码,与配置片断:
=========login.jsp================
....
<html:form action="/login" styleId="formMain" method="post" >
....
<html:form>
=========struts-config.xml================
<form-beans>
<form-bean name="loginForm"
type="com.hitachijoho.keiri.kaikei.web.struts.forms.LoginForm"/>
</form-beans>
<action path="/login"
type="com.hitachijoho.keiri.kaikei.web.struts.actions.LoginAction"
input="/login.jsp"
name="loginForm"
scope="session"
validate="false">
<forward name="success" path="/smenu.jsp"/>
</action>
=========web.xml================
<security-constraint>
<web-resource-collection>
<web-resource-name>User Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/logoff.do</url-pattern>
<url-pattern>/login.do</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>user</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
....
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Kaikei Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>
