请问在web.xml设置的role-name怎么和数据库里面的值对应?

03-07-24 ajoke

我现在看Service-to-Worker模式,看到里面有role-name在web.xml里面,我想弄个字段表示相应id的人所在的role属性,但是怎么和web.xml的配置对照起来?

另外petstore里面的j_security_check是怎么处理的?

Fish
2003-07-25 09:18

我给你写了一个,你看看吧,在resin下正常使用。如果其它的服务器不好用可以做相应的更改

<web-app>

<welcome-file-list>

<welcome-file>index.html</welcome-file>

</welcome-file-list>

<!--直接把用户和角色配置在xml里

<authenticator>

<class-name>com.caucho.http.security.XmlAuthenticator</class-name>

<init-param user='Harry Potter:quidditch:user,gryffindor'/>

<init-param user='Draco Malfoy:pureblood:user,slytherin'/>

<init-param user='Fish:pwd:admin_user'/>

</authenticator>

-->

<!-- 从数据库里取用户和角色 -->

<authenticator id='com.caucho.http.security.JdbcAuthenticator'>

<pool-name>cncworkdb</pool-name>

<password-query>

SELECT password FROM userInfo WHERE userName=?

</password-query>

<cookie-auth-query>

SELECT cookie FROM userInfo WHERE userName=?

</cookie-auth-query>

<cookie-auth-update>

UPDATE userInfo SET cookie=? WHERE userName=?

</cookie-auth-update>

<role-query>

SELECT userRole FROM userInfo WHERE userName=?

</role-query>

</authenticator>

<!-- 设置被保护的资源 -->

<security-constraint>

<web-resource-collection>

<url-pattern>/FishTest/*.jsp</url-pattern>

<url-pattern>/FishTest/*.htm</url-pattern>

<url-pattern>/FishTest/*.html</url-pattern>

</web-resource-collection>

<auth-constraint role-name='admin'/>

</security-constraint>

<!-- 设置登录页面及登录失败页面 -->

<login-config>

<auth-method>FORM</auth-method>

<realm-name>default</realm-name>

<form-login-config>

<form-login-page>/FishTest/Login.jsp</form-login-page>

<form-error-page>/FishTest/LoginError.html</form-error-page>

<internal-forward>false</internal-forward>

<form-uri-priority>true</form-uri-priority>

</form-login-config>

</login-config>

</web-app>

Fish
2003-07-25 09:19

我给你写了一个,你看看吧,在resin下正常使用。如果其它的服务器不好用可以做相应的更改

<web-app>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

<!--直接把用户和角色配置在xml里
<authenticator>
	<class-name>com.caucho.http.security.XmlAuthenticator</class-name>
	<init-param user='Harry Potter:quidditch:user,gryffindor'/>
	<init-param user='Draco Malfoy:pureblood:user,slytherin'/>
	<init-param user='Fish:pwd:admin_user'/>
</authenticator>
-->
<!-- 从数据库里取用户和角色 -->
<authenticator id='com.caucho.http.security.JdbcAuthenticator'>
	<pool-name>cncworkdb</pool-name>
	<password-query>
		SELECT password FROM userInfo WHERE userName=?
	</password-query>
	<cookie-auth-query>
		SELECT cookie FROM userInfo WHERE userName=?
	</cookie-auth-query>
	<cookie-auth-update>
		UPDATE userInfo SET cookie=? WHERE userName=?
	</cookie-auth-update>
	<role-query>
		SELECT userRole FROM userInfo WHERE userName=?
	</role-query>
</authenticator>

<!-- 设置被保护的资源 -->
  <security-constraint> 
     <web-resource-collection> 
        <url-pattern>/FishTest/*.jsp</url-pattern> 
  	<url-pattern>/FishTest/*.htm</url-pattern> 
  	<url-pattern>/FishTest/*.html</url-pattern> 
     </web-resource-collection> 
     <auth-constraint role-name='admin'/>
  </security-constraint>

<!-- 设置登录页面及登录失败页面 -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>default</realm-name>
    <form-login-config>
      <form-login-page>/FishTest/Login.jsp</form-login-page>
      <form-error-page>/FishTest/LoginError.html</form-error-page>
      
      <internal-forward>false</internal-forward>	
      <form-uri-priority>true</form-uri-priority>
      
    </form-login-config>
  </login-config>



</web-app>

<p>

ajoke
2003-07-25 18:55

Fish:

在web.xml这样写能够把数据库里面的信息和role-name对照起来?能不能给一个在登陆处理(.jsp或servlet)中怎么用的代码吗?

Fish
2003-07-26 14:46

这是登录页的代码
<form action='j_security_check' method='POST'>
<table>
<tr><td>User:<td><input name='j_username'>
<tr><td>Password:<td><input name='j_password'>
<tr><td colspan=2>hint: the password is 'quidditch'
<tr><td><input type=submit>
</table>
</form>
<p>