Websphere:web.xml 中的安全约束不起作用
我想保护单个 .jsp 页面免遭匿名访问。我正在尝试通过以下方式做到这一点:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
t-webapp</display-name>
<servlet>
<servlet>
<description>
</description>
<display-name>
ZServlet</display-name>
<servlet-name>ZServlet</servlet-name>
<servlet-class>
a.b.c.d.application.t.ZServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ZServlet</servlet-name>
<url-pattern>/ZServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>
TTests</display-name>
<web-resource-collection>
<web-resource-name>TTests</web-resource-name>
<url-pattern>/ttests.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<description>
TServletRoles</description>
<role-name>role_admin1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
role_admin1</description>
<role-name>role_admin1</role-name>
</security-role>
但每当我访问 ttests.jsp 时,我都会立即获得访问权限 - 无需填写用户名/密码...我错过了什么?
多谢!
I'd like to protect a single .jsp-page from anonymous access. I'm trying to do that the following way:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
t-webapp</display-name>
<servlet>
<servlet>
<description>
</description>
<display-name>
ZServlet</display-name>
<servlet-name>ZServlet</servlet-name>
<servlet-class>
a.b.c.d.application.t.ZServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ZServlet</servlet-name>
<url-pattern>/ZServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>
TTests</display-name>
<web-resource-collection>
<web-resource-name>TTests</web-resource-name>
<url-pattern>/ttests.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<description>
TServletRoles</description>
<role-name>role_admin1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
role_admin1</description>
<role-name>role_admin1</role-name>
</security-role>
But whenever I'm accessing ttests.jsp, I'm getting access immediately - without having to fill username/password... what am I missing?
Thanks a lot!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
第一步是确保在您的 websphere 配置文件上启用全局安全性,并选中启用应用程序安全性复选框。
The first step would be to make sure that global security is enabled on your websphere profile with the Enable application security check box checked.