Tomcat 7 container-managed security and SSL don't work together (JSF 2.1)
I'm using JDBCRealm for Tomcat 7 user auth and SSL for https, but I cannot figure out how to combine them. My goal is to make all the pages secure by SSL and possible to view only by a certain role. I'm using JSF 2.1. Here is my code in web.xml:
    <security-role>
        <description/>
        <role-name>employee</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>administrator</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>boss</role-name>
    </security-role>
    <security-constraint>
        <display-name>ConstraintPrac</display-name>
        <web-resource-collection>
            <web-resource-name>panelprac</web-resource-name>
            <url-pattern>panele/pracownik/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
They seem to work separately, but what I need is a combined way. Now Tomcat is not redirecting to port 8443 (https) and you can access any page just by typing it in the browser. I used this page for SSL, http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, and this one for JDBCRealm, http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html. I want my program to allow access to certain pages only to certain roles and at the same time do everything on HTTPS. Please help me with this one. I don't know where I've made the mistake. I don't receive any errors.
RESOLVED
The problem was deeper than I thought. Tomcat 7 doesn't support custom form user authentication, therefore the security roles presented above didn't work. To solve this I had to create a Filter class to protect against unauthorized entries to pages.
I will leave this topic in case someone has the same problem (if the admin finds this topic irrelevant, feel free to delete it).
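The kind of Filter the resolution describes, as an added example that is not the poster's code: it refuses plain HTTP for the employee panel and then checks the role that the application's own login stored in the session. Assumptions: the class name, the session attribute `userRole` and the login page `/login.xhtml` are hypothetical; the URL pattern is the one from the question's web.xml, written with the leading slash that servlet path mappings require, and 8443 is the HTTPS port the question mentions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example, not the poster's code: guards the employee panel from the question's web.xml.
@WebFilter("/panele/pracownik/*")
public class EmployeePanelFilter implements Filter {
    private static final int HTTPS_PORT = 8443;              // HTTPS port named in the question
    private static final String ROLE_ATTR = "userRole";      // assumption: set by the custom login code
    private static final String LOGIN_PAGE = "/login.xhtml"; // assumption: hypothetical login page

    @Override public void init(FilterConfig config) { }      // Servlet 3.0 has no default methods
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // 1. Transport: never serve the protected page over plain HTTP.
        if (!req.isSecure()) {
            if (!"GET".equals(req.getMethod())) {
                // The body already travelled in cleartext; refuse instead of redirecting.
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
                return;
            }
            String query = req.getQueryString();
            res.sendRedirect("https://" + req.getServerName() + ":" + HTTPS_PORT
                    + req.getRequestURI() + (query == null ? "" : "?" + query));
            return;
        }

        // 2. Authorization: fail closed when there is no session or the role differs.
        HttpSession session = req.getSession(false);
        Object role = (session == null) ? null : session.getAttribute(ROLE_ATTR);
        if (role == null) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        if (!"employee".equals(role)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // 3. Keep the protected page out of browser and proxy caches.
        res.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }
}
```

The `@WebFilter` annotation is only scanned when web.xml declares version 3.0 and does not set `metadata-complete="true"`; otherwise the same mapping needs `<filter>` and `<filter-mapping>` entries.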