当用户名和密码正确时,j_security_check 给出 403 页面
我正在使用 j_security_check 实现基于 FORM 的身份验证和 我现在遇到以下问题:
好的,这是我的配置文件: web.xml:
<security-constraint>
<display-name>Efood Security</display-name>
<web-resource-collection>
<web-resource-name>Secured Area</web-resource-name>
<url-pattern>/checkout.jspx</url-pattern>
<url-pattern>/checkout</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>friend</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Secured eFood Area</realm-name>
<form-login-config>
<form-login-page>/login.jspx</form-login-page>
<form-error-page>/error.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>10001</role-name>
</security-role>
<error-page>
<error-code>403</error-code>
<location>/403.jspx</location>
</error-page>
在 server.xml 中,
<GlobalNamingResources>
....
<Resource driverClassName="org.apache.derby.jdbc.ClientDriver"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" name="jdbc/CSE"
password="secret" type="javax.sql.DataSource"
url = "jdbc:derby://hostname:port/DB" username="student" />
</GlobalNamingResources>
....
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className = "org.apache.catalina.realm.DataSourceRealm"
driverName="org.apache.derby.jdbc.ClientDriver"
debug="99"
dataSourceName = "jdbc/DB" userTable = "users"
userNameCol = "login" userCredCol="password"
userRoleTable = "users" roleNameCol = "login" />
</Realm>
在 context.xml
<ResourceLink type="javax.sql.DataSource" name="jdbc/DB" global="jdbc/DB"/>
所以我的问题是,当我输入正确的凭据时,我得到 403 页面。 如果我输入错误的用户名和密码,我将被重定向到 error.jsp, 这意味着它检查数据库,但是,我不知道问题是什么。
有人对通过数据库进行身份验证有任何熟悉的问题吗?
另外,我不确定如何使用角色名称执行安全角色标记,因为给定的表只有用户名和密码。
提前致谢!
I am implementing FORM based authentication with j_security_check and
I am stuck with the following problem now:
Ok here are my config files:
web.xml:
<security-constraint>
<display-name>Efood Security</display-name>
<web-resource-collection>
<web-resource-name>Secured Area</web-resource-name>
<url-pattern>/checkout.jspx</url-pattern>
<url-pattern>/checkout</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>friend</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Secured eFood Area</realm-name>
<form-login-config>
<form-login-page>/login.jspx</form-login-page>
<form-error-page>/error.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>10001</role-name>
</security-role>
<error-page>
<error-code>403</error-code>
<location>/403.jspx</location>
</error-page>
in server.xml
<GlobalNamingResources>
....
<Resource driverClassName="org.apache.derby.jdbc.ClientDriver"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" name="jdbc/CSE"
password="secret" type="javax.sql.DataSource"
url = "jdbc:derby://hostname:port/DB" username="student" />
</GlobalNamingResources>
....
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className = "org.apache.catalina.realm.DataSourceRealm"
driverName="org.apache.derby.jdbc.ClientDriver"
debug="99"
dataSourceName = "jdbc/DB" userTable = "users"
userNameCol = "login" userCredCol="password"
userRoleTable = "users" roleNameCol = "login" />
</Realm>
in context.xml
<ResourceLink type="javax.sql.DataSource" name="jdbc/DB" global="jdbc/DB"/>
So my problem is that I get 403 page when I enter correct credentials.
If I enter wrong username and password I am redirected to error.jsp,
which means that it checks the DB, however, I don't know what the problem is.
Anyone had any familiar issues with authentication through DB?
Also, I am not sure how to do the secrity-role tag with role-names, because the given table only has username and password.
Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您没有授权角色,请使用
并删除
If you don't have authorization roles, use
and remove the
<security-role>.