security5.html

j2eePDF格式的电子书

</pre></div>
<a name="wp279877"> </a><h4 class="pHeading3">
Creating the Login Form and Error Page
</h4>
<a name="wp279888"> </a><p class="pBody">
The Security tabbed pane specifies the JSP page that contains the form to be used to obtain the user name and password in order to verify that access to the client is authorized to that user. If login authentication fails, the error page is displayed in place of the requested page.
</p>
<a name="wp279996"> </a><p class="pBody">
The login page can be an HTML page, a JSP page, or a servlet, and must return an HTML page containing a form that conforms to specific naming conventions (see the Java Servlet 2.4 Specification for more information on these requirements). The content of the login form in an HTML page, JSP page, or servlet for a login page should be as follows: 
</p>
<div class="pPreformattedRelative"><pre class="pPreformattedRelative">
&lt;form method=post action=&quot;j_security_check&quot; &gt;
 &lt;input type=&quot;text&quot;  name= &quot;j_username&quot; &gt;
 &lt;input type=&quot;password&quot;  name= &quot;j_password&quot; &gt;
&lt;/form&gt;<a name="wp279997"> </a>
</pre></div>
<a name="wp279889"> </a><p class="pBody">
The full code for the login page used in this example can be found at <code class="cCode">&lt;</code><code class="cVariable">INSTALL</code><code class="cCode">&gt;/j2eetutorial14/examples/security/formbasedauth/web/logon.jsp</code>. An example of the running login form page is shown in <a  href="Security5.html#wp279775">Figure 27-1</a>.
</p>
<a name="wp280086"> </a><p class="pBody">
The login error page is displayed if a user name and password combination that is not authorized to access the protected URI is entered on the login page. For this example, the login error page can be found at <code class="cCode">&lt;</code><code class="cVariable">INSTALL</code><code class="cCode">&gt;/j2eetutorial14/examples/security/formbasedauth/web/logonError.jsp</code>. The code for this page is displayed below:
</p>
<div class="pPreformattedRelative"><pre class="pPreformattedRelative">
<code class="cCode">&lt;html&gt;
&lt;head&gt;
&lt;title&gt;
 Login Error
&lt;/title&gt;
&lt;/head&gt;
&lt;c:url var=&quot;url&quot; value=&quot;/logon.jsp&quot;/&gt;
&lt;p&gt;&lt;a href=&quot;${url}&quot;&gt;Try again.&lt;/a&gt;&lt;/p&gt;
&lt;/html&gt;</code><a name="wp280105"> </a>
</pre></div>
<a name="wp280108"> </a><h4 class="pHeading3">
Specifying Security Elements for Form-Based Authentication
</h4>
<a name="wp279370"> </a><p class="pBody">
The following elements are added to this application using <code class="cCode">deploytool</code> to enable form-based authentication.
</p>
<div class="pSmartList1"><ul class="pSmartList1">
<a name="wp280131"> </a><div class="pSmartList1"><li>The Security Constraint is used to define the access privileges to a collection of resources using their URL mapping.</li></div>
<a name="wp304929"> </a><div class="pSmartList1"><li>The Web Resource Collection is used to identify a subset of the resources within a Web application to which a security constraint applies. In this example, by specifying an URL pattern of <code class="cCode">/*</code>, we are specifying that all resources in this application are protected. </li></div>
<a name="wp280265"> </a><div class="pSmartList1"><li>The Authorized Roles list indicates the user roles that should be permitted access to this resource collection. In this example, it is users assigned the role of <code class="cCode">loginUser</code>. If no role name is provided, no user is allowed to access the portion of the Web application described by the security constraint.</li></div>
<a name="wp280260"> </a><div class="pSmartList1"><li>The User Authentication Method is used to configure the authentication method that should be used and the attributes needed by the form login mechanism. The Login Page parameter provides the URI of a Web resource relative to the document root that will be used to authenticate the user. The Error Page parameter requires a URI of a Web resource relative to the document root that send a response when authentication has failed. </li></div>
</ul></div>
<a name="wp305588"> </a><p class="pBody">
In the J2EE 1.4 Application Server, these security elements are added to the application using <code class="cCode">deploytool</code>, after the application has been packaged. Information on adding the security elements to this application using <code class="cCode">deploytool</code> is discussed in <a  href="Security5.html#wp305531">Adding Security to the Form-Based Example</a>.
</p>
<a name="wp304671"> </a><h4 class="pHeading3">
Building, Packaging, Deploying, and Running the Form-Based Authentication Example
</h4>
<a name="wp305259"> </a><p class="pBody">
To build, package, deploy, and run the <code class="cCode">security/formbasedauth</code> example, which uses form-based authentication, follow these steps.
</p>
<a name="wp305252"> </a><h5 class="pHeading4">
Building the Form-Based Authentication Example
</h5>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp279633"> </a><div class="pSmartList1"><li>Follow the instructions in <a  href="WebApp3.html#wp213795">Setting Up To Build and Deploy Tutorial Examples</a>.</li></div>
<a name="wp279675"> </a><div class="pSmartList1"><li>Follow the instructions in <a  href="Security5.html#wp159083">Adding Authorized Users</a>.</li></div>
<a name="wp279634"> </a><div class="pSmartList1"><li>Go to the <code class="cCode">&lt;</code><code class="cVariable">INSTALL</code><code class="cCode">&gt;/j2eetutorial14/examples/security/formbasedauth/</code> directory.</li></div>
<a name="wp279635"> </a><div class="pSmartList1"><li>Build the Web application by entering the following at the terminal window or command prompt in the <code class="cCode">formbasedauth/</code> directory (this and the following steps that use <code class="cCode">asant</code> assume that you have the executable for <code class="cCode">asant</code> in your path: if not, you will need to provide the fully-qualified path to the executable). This command runs the target named <code class="cCode">build</code> in the <code class="cCode">build.xml</code> file. The build target compiles any Java files in the application and copies Web components to the appropriate directories for deployment.</li></div>
<a name="wp279636"> </a><p class="pBodyRelative">
<code class="cCode">&nbsp;&nbsp;asant build</code>
</p>
</ol></div>
<a name="wp305290"> </a><h5 class="pHeading4">
Packaging the Web Application
</h5>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp305291"> </a><div class="pSmartList1"><li>Start the J2EE 1.4 Application Server if you have not already done so. For information on starting the Application Server, see <a  href="WebApp3.html#wp213803">Starting and Stopping the J2EE Application Server</a>.</li></div>
<a name="wp374155"> </a><div class="pSmartList1"><li>Start <code class="cCode">deploytool</code>. Information on starting <code class="cCode">deploytool</code> can be found in <a  href="WebApp3.html#wp213832">Starting the deploytool Utility</a>.</li></div>
<a name="wp305429"> </a><div class="pSmartList1"><li>Package the <code class="cCode">formbasedauth</code> example using <code class="cCode">deploytool</code> following these steps. More detail on packaging Web applications can be found at <a  href="WebApp5.html#wp115753">Packaging Web Modules</a>.</li></div>
<div class="pSmartList2"><ol type="a" class="pSmartList2">
<a name="wp305441"> </a><div class="pSmartList2"><li>Select File<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>New<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>Web Component from the <code class="cCode">deploytool</code> menu.</li></div>
<a name="wp305460"> </a><div class="pSmartList2"><li>Select Next.</li></div>
<a name="wp407279"> </a><div class="pSmartList2"><li>Select the Create New Stand-Alone WAR Module radio button.</li></div>
<a name="wp305461"> </a><div class="pSmartList2"><li>In the WAR Location field, browse to the <code class="cCode">&lt;</code><code class="cVariable">INSTALL</code><code class="cCode">&gt;/j2eetutorial14/examples/security/formbasedauth/</code> directory and create the file <code class="cCode">formbasedauth.war</code>. Give the WAR the name <code class="cCode">FormBasedAuth</code>.</li></div>
<a name="wp305485"> </a><div class="pSmartList2"><li>Enter <code class="cCode">/formbasedauth</code> in the Context Root field.</li></div>
<a name="wp305481"> </a><div class="pSmartList2"><li>Click Edit to add the contents of the application to the WAR file. Select the <code class="cCode">formbasedauth/</code> directory from the Starting Directory list. Select each of the files <code class="cCode">index.jsp</code>, <code class="cCode">logon.jsp</code>, <code class="cCode">logonError.jsp</code>, and <code class="cCode">duke.waving.gif</code> from the <code class="cCode">build/ </code>directory and then click Add. Click OK to close this dialog.</li></div>
<a name="wp305498"> </a><div class="pSmartList2"><li>Click Next.</li></div>
<a name="wp305506"> </a><div class="pSmartList2"><li>Select JSP.</li></div>
<a name="wp305507"> </a><div class="pSmartList2"><li>Click Next.</li></div>
<a name="wp305508"> </a><div class="pSmartList2"><li>Select <code class="cCode">index.jsp</code> for the JSP File Name.</li></div>
<a name="wp305509"> </a><div class="pSmartList2"><li>Click Next.</li></div>
<a name="wp305513"> </a><div class="pSmartList2"><li>Click Finish.</li></div>
<a name="wp305514"> </a><p class="pBodyRelative">
The <code class="cCode">FormBasedAuth</code> example displays in the <code class="cCode">deploytool</code> tree.
</p>
</ol></div>
</ol></div>
<a name="wp305531"> </a><h5 class="pHeading4">
Adding Security to the Form-Based Example
</h5>
<a name="wp305534"> </a><p class="pBody">
To add form-based authentication to your application, select the application in the <code class="cCode">deploytool</code> tree, then follow these steps:
</p>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp305535"> </a><div class="pSmartList1"><li>Select the Security tabbed pane.</li></div>
<a name="wp305536"> </a><div class="pSmartList1"><li>Select <code class="cCode">Form Based</code> for the User Authentication Method. </li></div>
<a name="wp305537"> </a><div class="pSmartList1"><li>Select the Settings dialog. Set the following properties in this dialog:</li></div>
<div class="pSmartList2"><ul class="pSmartList2">
<a name="wp305538"> </a><div class="pSmartList2"><li>Set Realm Name to <code class="cCode">file</code>.</li></div>
<a name="wp305539"> </a><div class="pSmartList2"><li>Select <code class="cCode">logon.jsp</code> from the Login Page list.</li></div>
<a name="wp305540"> </a><div class="pSmartList2"><li>Select <code class="cCode">logonError.jsp</code> from the Login Error Page list.</li></div>
</ul></div>
<a name="wp305541"> </a><div class="pSmartList1"><li>Select Add Constraints to add a security constraint to this example.</li></div>
<a name="wp305542"> </a><div class="pSmartList1"><li>Select Add Collections to add a Web Resource Collection to this example.</li></div>
<a name="wp305543"> </a><div class="pSmartList1"><li>With the Security Constraint and Web Resource Collection selected, click the Edit Collections button.</li></div>
<a name="wp305544"> </a><div class="pSmartList1"><li>In the Edit Contents dialog, select Add URL pattern. In the edit box, make sure the URL pattern reads <code class="cCode">/*</code>. Click OK to close this dialog. Using a URL pattern of <code class="cCode">/*</code> and selecting no HTTP patterns means that all files and methods in this application are protected and may only be accessed by a user who provides an authorized login.</li></div>
<a name="wp305545"> </a><div class="pSmartList1"><li>Click Edit Roles on the Security tabbed pane, then Edit Roles again in the Authorized Roles dialog. Click Add to add the role <code class="cCode">loginUser</code>, which is the authorized role for this security constraint. Click OK to close this dialog.</li></div>
<a name="wp305546"> </a><div class="pSmartList1"><li>Select <code class="cCode">loginUser</code> in the left pane and click Add to add it to the list of Authorized Roles for this application. Select OK to close this dialog.</li></div>
<a name="wp305547"> </a><div class="pSmartList1"><li>Create a Security Role Reference. This is needed for this example to map the <em class="cEmphasis">role</em> of <code class="cCode">loginUser</code> defined in the previous steps to the <em class="cEmphasis">group</em> <code class="cCode">loginUser</code> created using the Admin Console in <a  href="Security5.html#wp159083">Adding Authorized Users</a>. To do this, select the Security Role Mapping tabbed pane in <code class="cCode">deploytool</code>.</li></div>
<a name="wp305548"> </a><div class="pSmartList1"><li>Select the role of <code class="cCode">loginUser</code>. </li></div>
<a name="wp305549"> </a><div class="pSmartList1"><li>Select Add User/Group to Role. If you don't see the list of users and groups you defined using the Admin Console, connect to the Admin Server (by double-clicking it in the <code class="cCode">deploytool</code> tree), then make the Admin Server (which is <code class="cCode">localhost:4848</code> by default) the Current Target Server by selecting File<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>Current Target Server.</li></div>
<a name="wp305550"> </a><div class="pSmartList1"><li>Select <code class="cCode">loginUser</code> from the Group Name list, then click Map to Role. When the <code class="cCode">loginUser</code> role is selected in the Role Name list, the <code class="cCode">loginUser</code> group will display under the Group Name list.</li></div>
</ol></div>
<a name="wp305551"> </a><p class="pBody">
After all of the security elements have been added, view the generated deployment descriptor by selecting Tools<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>Descriptor Viewer<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>Descriptor Viewer from the <code class="cCode">deploytool</code> menu.
</p>
<a name="wp305415"> </a><h5 class="pHeading4">
Deploying the Web Application
</h5>
<a name="wp305408"> </a><p class="pBody">
Deploy the Web application by selecting the <code class="cCode">formbasedauth</code> application in the <code class="cCode">deploytool</code> tree, then selecting Tools<span style="font-family: Symbol"><img src="images/arrwrite.gif" border="0" alt="Right Arrow"></span>Deploy.
</p>
<a name="wp305564"> </a><h5 class="pHeading4">