我正在尝试构建David Heffelfinger的书《使用NetBeans开发Java EE 5:使用这个流行的IDE快速轻松地开发专业企业Java EE 5应用程序》第2章中所描述的securewebapp。在执行最后一步(glassfish特定的安全配置)时,我试图运行该程序。我得到以下错误消息:
deploy?DEFAULT=/home/bjorn/NetBeansProjects/securewebapp/build/web&name=securewebapp&contextroot=/securewebapp&force=true failed on GlassFish Server 3+
Error occurred during deployment: Exception while deploying the app [securewebapp] : org.xml.sax.SAXParseException; lineNumber: 28; columnNumber: 57; Deployment descriptor file WEB-INF/web.xml in archive [web]. cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.. Please see server.log for more details.
/home/bjorn/NetBeansProjects/securewebapp/nbproject/build-impl.xml:1033: The module has not been deployed.
See the server log for details.
BUILD FAILED (total time: 2 seconds)
日志文件显示:
SEVERE: DPL8015: Invalid Deployment Descriptors in Deployment descriptor file WEB-INF/web.xml in archive [web].
Line 28 Column 57 -- cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
SEVERE: DPL8005: Deployment Descriptor parsing failure : cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
SEVERE: Exception while deploying the app [securewebapp]
SEVERE: org.xml.sax.SAXParseException; lineNumber: 28; columnNumber: 57; Deployment descriptor file WEB-INF/web.xml in archive [web]. cvc-pattern-valid: Value 'index.jsp' is not facet-valid with respect to pattern '/.*' for type '#AnonType_war-pathType'.
有人知道该怎么做才能获得安全的web应用程序工作吗?
编辑:web.xml文件包含:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>SecureServlet</servlet-name>
<servlet-class>SecureServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SecureServlet</servlet-name>
<url-pattern>/SecureServlet</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>Admin Pages</display-name>
<web-resource-collection>
<web-resource-name>Administrative Pages</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>index.jsp</form-login-page>
<form-error-page>errorpage.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Administrator</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>User</description>
<role-name>user</role-name>
</security-role>
</web-app>
更改<login-config>并将/放入文件路径
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/errorpage.jsp</form-error-page>
</form-login-config>
编辑:如何基于JAAS形式的身份验证工作?
基于表单的身份验证的工作方式是,用户首先尝试从可公开访问的资源文件(如index.jsp或home.jsp)访问受保护的资源(如/admin/admin.jsp),如果未经身份验证,则重定向到<form-login-page>(如login.jsp)。
此时容器已经保存了用户试图访问的受保护资源的URL,如果身份验证成功,会自动将重定向到该资源。如果身份验证失败,您已经知道用户将被重定向到<form-error-page>。
因此,我建议您将index.jsp重命名为login.jsp,并创建一个新的index.jsp,其中包含到/admin/admin.jsp的链接。您也可以尝试直接访问admin.jsp。然后它就会按照你想要的那样工作。