JDBC Realm登录页面



我试图使用JDBC领域创建一个登录页面,但没有成功。

我的步骤:

  1. 创建数据库、用户和组表
  2. 创建连接池和数据源,自定义领域
  3. 添加安全角色映射、登录约束、安全约束和安全角色
  4. 创建登录jsp和登录servlet

我可以在创建过程中ping连接池。

执行上述任务所需的最低配置是什么?

我的代码:

create table login
(
  username varchar(128) NOT NULL CONSTRAINT usernamePk primary key, 
  password varchar(128) NOT NULL 
);
insert into Login values('peterwkc', '1234');

create table grouptable
(
        username varchar(128) NOT NULL,
        groupid  varchar(128) NOT NULL,
        CONSTRAINT GROUP_PK PRIMARY KEY(username, groupid),
        CONSTRAINT USER_FK FOREIGN KEY(username) REFERENCES Login (username)
            ON DELETE CASCADE ON UPDATE RESTRICT
);

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/Login.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>LoginConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>MyResource</web-resource-name>
            <description/>
            <url-pattern>/LoginController</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>User</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Login</realm-name>
        <form-login-config>
            <form-login-page>/Login.jsp</form-login-page>
            <form-error-page>/Error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description/>
        <role-name>User</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>Admin</role-name>
    </security-role>
</web-app>

glassfish-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
  <context-root>/JDBC_Realm</context-root>
  <security-role-mapping>
    <role-name>User</role-name>
    <group-name>User</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>Admin</role-name>
    <principal-name>peterwkc</principal-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</glassfish-web-app>

登录.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@taglib prefix="f" uri="http://java.sun.com/jsf/core"%>
<%@taglib prefix="h" uri="http://java.sun.com/jsf/html"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
<%--
    This file is an entry point for JavaServer Faces application.
--%>
<f:view>
  <html>
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
      <title>JSP Page</title>
    </head>
    <body>
      <h1><h:outputText value="JavaServer Faces"/></h1>
      <form action="LoginController" method="POST" id="LoginForm" name="LoginForm">
        Username : <input type="text" name="username" /><p></p>
        Password : <input type="password" name="password" />
        <input type="submit" name="submit" value="Login"/>
      </form>
    </body>
  </html>
</f:view>

LoginController.java:

@WebServlet(name = "LoginController", urlPatterns = {"/LoginController"})
public class LoginController extends HttpServlet {
  @Override
  public void init() throws ServletException {
    getServletConfig();
  }
  @Override
  public void destroy() {
  }
  /** 
   * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
   * @param request servlet request
   * @param response servlet response
   * @throws ServletException if a servlet-specific error occurs
   * @throws IOException if an I/O error occurs
   */
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
          throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    try {
      /* TODO output your page here
      out.println("<html>");
      out.println("<head>");
      out.println("<title>Servlet LoginController</title>");  
      out.println("</head>");
      out.println("<body>");
      out.println("<h1>Servlet LoginController at " + request.getContextPath () + "</h1>");
      out.println("</body>");
      out.println("</html>");
       */
    } finally {      
      out.close();
    }
  }
  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
  /** 
   * Handles the HTTP <code>GET</code> method.
   * @param request servlet request
   * @param response servlet response
   * @throws ServletException if a servlet-specific error occurs
   * @throws IOException if an I/O error occurs
   */
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
          throws ServletException, IOException {
//        processRequest(request, response);
    PrintWriter out = null;
    try {
      response.setContentType("text/html;charset=UTF-8");
      out = response.getWriter();

    } finally {
      out.close();
    }
  }
  /** 
   * Handles the HTTP <code>POST</code> method.
   * @param request servlet request
   * @param response servlet response
   * @throws ServletException if a servlet-specific error occurs
   * @throws IOException if an I/O error occurs
   */
  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
          throws ServletException, IOException {
    processRequest(request, response);
  }
  /** 
   * Returns a short description of the servlet.
   * @return a String containing servlet description
   */
  @Override
  public String getServletInfo() {
    return "Short description";
  }// </editor-fold>
}

我遵循本教程。http://blog.gamatam.com/2009/11/jdbc-realm-setup-with-glassfish-v3.html

问题:1.为什么我的代码不起作用?

请帮忙。谢谢

如果您按照教程学习,Glassfish希望在usertable中找到密码的MD5哈希。但您插入了1234。你要么必须插入1234的MD5散列,即:81dc9bdb52d04dc20036dbd8313ed055,要么你可以告诉Glassfish使用普通密码,但我不知道该在Digest中放什么。

HTH-

编辑

在教程中,领域名称是security,但在web.xml中,它被命名为Login

编辑2

还有更多的错误:要使用Glassfish的自动登录机制,login.jsp中的表单应具有action="j_security_check",用户名和密码应分别为j_usernamej_password

另请参阅Matt Handy的回答和评论,并提供更多详细信息(如错误消息等)。否则,如果你只是说"它不起作用",就很难提供帮助

配置jdbc领域有点棘手。你在问题中提供了很多信息,但没有描述错误行为。

一些想法:

您有一个分组表,但它包含行(petewkc,User)吗?

你存储了密码的哈希吗?

JDBC领域配置是什么样子的?

如果您将安全模块的日志记录设置为best,server.log中有什么?

我已经分析性地回答了您的问题(内部可能有小错误),请查看:
JDBC领域表单身份验证如何

相关内容

  • 没有找到相关文章

最新更新