2. DataSourceRealm + FORM authentication
- Accesses authentication information stored in a relational database, accessed via a named JNDI JDBC DataSource.
- Reaches the relational database through JNDI to obtain the authentication information.
2.1 Create the database tables the Realm needs
mysql -uroot -p < security.sql
2.2 Configure the DataSourceRealm
Define the DataSource in $CATALINA_BASE/conf/server.xml
<!-- placed under <GlobalNamingResources> in server.xml, so a Realm in the Engine or Host can find it by name -->
<Resource auth="Container"
          driverClassName="org.gjt.mm.mysql.Driver"
          type="javax.sql.DataSource"
          name="jdbc/rest-security"
          username="root" password="root"
          url="jdbc:mysql://localhost:3306/simple_service_book"
          validationQuery="select 1 from users"/>
Configure the DataSourceRealm
<!-- column names below must match the tables created by security.sql -->
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/rest-security"
       userTable="users"
       userNameCol="user_name"
       userCredCol="user_pass"
       userRoleTable="user_roles"
       roleNameCol="role_name"/>
2.3 Database driver
Copy the MySQL JDBC driver into the $CATALINA_HOME/lib directory. A Maven project can take it from the local repository; otherwise download it from the web.
M2_REPO/mysql/mysql-connector-java/5.1.25/mysql-connector-java-5.1.25.jar
(Example repository location: M2_REPO=C:\Users\hanl\.m2\repository)
2.4 Configure the application's web.xml
/security-rest/src/main/webapp/WEB-INF/web.xml
<resource-ref>
  <description>MySQL DB Connection Pool</description>
  <res-ref-name>jdbc/rest-security</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
<!-- Only the listed methods are constrained: a method that is not listed for a matching
     pattern (for example HEAD) reaches the resource with no constraint at all. -->
<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <url-pattern>/webapi/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method> <!-- the original listed UPDATE, which is not an HTTP method -->
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<!-- Constraints on the same pattern and method are combined, so GET is allowed for
     admin or user, while POST/PUT/DELETE under /webapi/* stay admin-only. -->
<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <url-pattern>/webapi/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>
<!-- roles referenced in the auth-constraints above must be declared -->
<security-role>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <role-name>user</role-name>
</security-role>
<welcome-file-list>
  <welcome-file>index.html</welcome-file> <!-- welcome files take no leading slash -->
</welcome-file-list>
2.5 Login page
<!-- method="post" so the credentials travel in the request body, not in the query string
     (where they would end up in access logs and browser history) -->
<form action="j_security_check" method="post">
  <div>
    <span>User Name</span>
    <input id="j_username" name="j_username" type="text" />
  </div>
  <div style="margin-top:10px;margin-bottom:10px;">
    <span>Pass Word</span>
    <input id="j_password" name="j_password" type="password" />
  </div>
  <input type="submit" value="Sign In" />
</form>
2.6 FORM authentication
C:\Users\hanl\.m2\repository\org\apache\tomcat\tomcat-catalina\7.0.42\tomcat-catalina-7.0.42-sources.jar
2.7 Application authorization tests
Test case 1
Test URL=http://localhost:8080/security-rest/
Test method=FORM j_security_check
Test user=eric role=admin
Test result=**302 Found**
Test case 2
Test URL=http://localhost:8080/security-rest/webapi/books
Test method=POST
Test user=eric role=admin
Test result=**200 OK**
Test case 3
Test URL=http://localhost:8080/security-rest/webapi/books
Test method=POST
Test user=caroline role=user
Test result=**403 Forbidden**
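The three results above follow from the security-constraint rules in 2.4. The following is an added example, not code from the original page or from Tomcat: it evaluates those rules offline the way the container applies them (exact pattern, then longest path prefix, then the listed methods, with roles combined across constraints), reproduces the 302/200/403 outcomes, and lists the methods the constraints leave uncovered. The embedded web.xml is a constructed copy of the page's constraints with PUT in place of the non-existent method UPDATE; the role names and request paths are the page's.

```python
# Added example: evaluator for the <security-constraint> rules of the web.xml above,
# applied the way Tomcat does, to reproduce the 2.7 results without a running server.
import xml.etree.ElementTree as ET

# Constructed copy of the page's constraints (PUT replaces the non-existent method UPDATE).
WEB_XML = """<web-app>
<security-constraint>
 <web-resource-collection><url-pattern>/*</url-pattern><http-method>GET</http-method></web-resource-collection>
 <web-resource-collection><url-pattern>/webapi/*</url-pattern><http-method>GET</http-method><http-method>POST</http-method><http-method>PUT</http-method><http-method>DELETE</http-method></web-resource-collection>
 <auth-constraint><role-name>admin</role-name></auth-constraint></security-constraint>
<security-constraint>
 <web-resource-collection><url-pattern>/*</url-pattern><http-method>GET</http-method></web-resource-collection>
 <web-resource-collection><url-pattern>/webapi/*</url-pattern><http-method>GET</http-method></web-resource-collection>
 <auth-constraint><role-name>user</role-name></auth-constraint></security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Flatten to [(patterns, methods, roles)]; an empty method set means every method."""
    out = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        roles = {r.text for r in sc.iter("role-name")}
        for wrc in sc.iter("web-resource-collection"):
            out.append(([p.text for p in wrc.iter("url-pattern")],
                        {m.text for m in wrc.iter("http-method")}, roles))
    return out

PRECEDENCE = (lambda p, u: p == u,                                                        # exact
              lambda p, u: p.endswith("/*") and (u == p[:-2] or u.startswith(p[:-1])),    # prefix
              lambda p, u: p.startswith("*.") and u.endswith(p[1:]),                      # extension
              lambda p, u: p == "/")                                                      # default

def required_roles(constraints, path, method):
    """Roles allowed for (path, method); None when no constraint covers the request."""
    for level in PRECEDENCE:
        hits = [(len(p), ms, rs) for pats, ms, rs in constraints for p in pats if level(p, path)]
        if hits:  # only the longest pattern at this level counts, and it must list the method
            longest = max(n for n, _, _ in hits)
            covered = [rs for n, ms, rs in hits if n == longest and (not ms or method in ms)]
            return set().union(*covered) if covered else None
    return None

def decide(constraints, path, method, user_roles=None):
    """Status Tomcat returns: 200 allowed, 302 redirect to the FORM login page, 403 wrong role."""
    required = required_roles(constraints, path, method)
    if required is None:      # pattern matched but the method is not listed: no constraint at all
        return 200
    return 302 if user_roles is None else (200 if required & user_roles else 403)

def uncovered_methods(constraints, path, methods=("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")):
    """Methods that reach `path` unconstrained: the audit to run before deploying this web.xml."""
    return [m for m in methods if required_roles(constraints, path, m) is None]
```

Running `uncovered_methods` on /webapi/books shows that HEAD and OPTIONS bypass both constraints, and on any other path every method except GET does; adding the missing methods (or omitting `<http-method>` entirely so the constraint covers all methods) closes that gap.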