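Update: when the <auth-constraint> element is removed completely, the code works fine. Can anyone explain why it isn't working now?

How to resolve Tomcat "Access to the requested resource has been denied"?

I'm writing some code to practice securing a servlet in the deployment descriptor, and I'm getting the following in the browser: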
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource has been forbidden.
Apache Tomcat/7.0.42
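Any ideas as to what I'm doing wrong? I've done some searching through prior posts, and it seems that the role names may have been updated in Tomcat 7 - I've played with this, but with no success so far. (Code follows.)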
web.xml

    <?xml version="1.0" ?>
    <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                                 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
        <servlet>
            <servlet-name>CheckedServlet</servlet-name>
            <servlet-class>webcert.ch05.ex0502J.CheckedServlet</servlet-class>
            <security-role-ref>
                <role-name>MGR</role-name>
                <role-link>manager</role-link>
            </security-role-ref>
        </servlet>
        <servlet-mapping>
            <servlet-name>CheckedServlet</servlet-name>
            <url-pattern>/CheckedServlet</url-pattern>
        </servlet-mapping>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>CheckedServletConstraint</web-resource-name>
                <url-pattern>/CheckedServlet</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>*</role-name>
            </auth-constraint>
        </security-constraint>
        <security-role>
            <role-name>manager</role-name>
        </security-role>
    </web-app>

CheckedServlet.java

    package webcert.ch05.ex0502J;

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.security.*;

    public class CheckedServlet extends HttpServlet {

        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            doGet(request, response);
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.write("<html><head><title>CheckedServlet</title></head><body>");

            // getUserPrincipal() returns null when the caller has not been authenticated.
            String userMessage;
            Principal user = request.getUserPrincipal();
            if (user == null)
                userMessage = "Access denied.";
            else
                userMessage = "Access granted.";
            out.write("<br>" + userMessage + " Principal name is " + user +
                      "<br>If authorized, you should see some more text below:");

            // Checks the role name "manager" directly; the MGR alias declared in
            // <security-role-ref> is not used here.
            if (request.isUserInRole("manager"))
                out.write("<br>Here's some super secret extra text since your " +
                          "role is manager.");

            out.write("</body></html>");
            out.flush();
            out.close();
        }
    }

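Hi Jeff, were you able to find the cause? I've noticed the same problem on my box as well. I'd appreciate it if you could share it here. Thanks. – Tariq

Hi Tariq - no luck so far. I ran into this question while studying for the OCWCD exam, so I've since moved on to other topics. I plan to revisit this on my next pass through the text, and if I find the answer I'll be sure to post it. –

Thanks Jeff. I understand :) :) – Tariq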
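
An added example, not part of the original question or its code: a Python check that reads the security elements of the posted web.xml, expands the `*` role to the roles declared under `<security-role>`, and reports constraints that no caller can satisfy. It assumes the 403 comes from having an `<auth-constraint>` without any `<login-config>`, which the thread never confirms; `audit`, `PAGE_WEB_XML` and `WITH_LOGIN` are names invented for this example.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}  # namespace used by the page's web.xml

# Security elements of the page's web.xml (servlet entries omitted, root closed).
PAGE_WEB_XML = """<?xml version="1.0" ?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CheckedServletConstraint</web-resource-name>
      <url-pattern>/CheckedServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""

# Constructed variant: the same descriptor with a BASIC login-config added.
WITH_LOGIN = PAGE_WEB_XML.replace(
    "</web-app>",
    "<login-config><auth-method>BASIC</auth-method></login-config></web-app>")


def audit(web_xml):
    """Return (url_pattern, allowed_roles, problems) per constrained URL pattern."""
    root = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in root.findall("j:security-role/j:role-name", NS)}
    has_login = root.find("j:login-config/j:auth-method", NS) is not None
    results = []
    for sc in root.findall("j:security-constraint", NS):
        ac = sc.find("j:auth-constraint", NS)
        if ac is None:
            continue  # no auth-constraint: no role is required for these URLs
        named = {r.text.strip() for r in ac.findall("j:role-name", NS)}
        # "*" stands for every role declared in this descriptor's security-role list
        roles = declared if "*" in named else named
        problems = []
        if not has_login:
            problems.append("no login-config: callers cannot authenticate")
        if not roles:
            problems.append("no roles allowed: constraint denies everyone")
        problems += ["undeclared role: " + r for r in sorted(roles - declared)]
        for url in sc.findall("j:web-resource-collection/j:url-pattern", NS):
            results.append((url.text.strip(), sorted(roles), problems))
    return results


if __name__ == "__main__":
    for row in audit(PAGE_WEB_XML) + audit(WITH_LOGIN):
        print(row)
```

Even with a login-config in place, the authenticating user still has to hold the `manager` role in the container's realm for the constraint to pass.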