2011-10-03 55 views
8

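Tomcat: Bypass basic authentication for specified IP address

I have configured Tomcat for basic authentication. I do not want anyone to have access to my web application, but the app is serving web services. So I want to bypass basic authentication for a specific IP address (that IP should not require authentication).

tomcat-users.xml: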

<tomcat-users> 
<user username="user" password="password" roles="user"/> 
</tomcat-users> 

web.xml:

<security-constraint> 
<web-resource-collection> 
    <web-resource-name>Entire Application</web-resource-name> 
    <url-pattern>/*</url-pattern> 
</web-resource-collection> 
<auth-constraint> 
    <role-name>user</role-name> 
</auth-constraint> 
</security-constraint> 


<login-config> 
    <auth-method>BASIC</auth-method> 
    <realm-name>You must enter your login credentials to continue</realm-name> 
</login-config> 

<security-role> 
    <description> 
     The role that is required to log in to the Application 
    </description> 
    <role-name>user</role-name> 
</security-role> 

Thanks, Chetan.

Answers

9

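If you would like to allow just a few IP addresses and disallow everybody else, the Remote Address Filter Valve is what you need.

If you want clients from unknown IP addresses to see the basic login dialog and be able to log in, you need a custom Valve. The source of the RemoteAddrValve (and its parent class, RequestFilterValve) is a good starting point. Take a look at my former answer too.

Anyway, below is proof-of-concept code. It puts a filled Principal into the Request if the client is coming from a trusted IP, so the login module will not ask for the password. Otherwise it does not touch the Request object and the user can log in as usual.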

import java.io.IOException; 
import java.security.Principal; 
import java.util.ArrayList; 
import java.util.List; 

import javax.servlet.ServletException; 

import org.apache.catalina.connector.Request; 
import org.apache.catalina.connector.Response; 
import org.apache.catalina.realm.GenericPrincipal; 
import org.apache.catalina.valves.ValveBase; 

public class AutoLoginValve extends ValveBase {

    // Set from the trustedIpAddress attribute of the <Valve> element in server.xml.
    private String trustedIpAddress;

    public AutoLoginValve() {
    }

    @Override
    public void invoke(final Request request, final Response response)
            throws IOException, ServletException {
        final String remoteAddr = request.getRemoteAddr();
        final boolean isTrustedIp = remoteAddr.equals(trustedIpAddress);
        System.out.println("remoteAddr: " + remoteAddr + ", trusted ip: "
                + trustedIpAddress + ", isTrustedIp: " + isTrustedIp);
        if (isTrustedIp) {
            // Pre-populate the request with a Principal so the authenticator
            // treats it as already logged in and skips the BASIC challenge.
            final String username = "myTrusedUser";
            final String credentials = "credentials";
            final List<String> roles = new ArrayList<String>();
            roles.add("user");
            roles.add("admin");

            final Principal principal = new GenericPrincipal(username,
                    credentials, roles);
            request.setUserPrincipal(principal);
        }

        // Always continue down the pipeline; other clients log in as usual.
        getNext().invoke(request, response);
    }

    public void setTrustedIpAddress(final String trustedIpAddress) {
        System.out.println("setTrusedIpAddress " + trustedIpAddress);
        this.trustedIpAddress = trustedIpAddress;
    }

}

And a config example for server.xml:

<Valve className="autologinvalve.AutoLoginValve" 
    trustedIpAddress="127.0.0.1" /> 
+0

Thanks palacsint, I will try adding this and will post the results soon. – Chetan

+1

It works perfectly, thanks a lot palacsint. – Chetan
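A tighter variant of the valve from the answer above, as an added example that is not part of the original answer or of Tomcat itself: it matches against a list of addresses parsed as `InetAddress`, grants only the `user` role that the question's security-constraint requires, and leaves an existing principal untouched. The class name `AllowlistAutoLoginValve`, the `trustedIpAddresses` attribute and the principal name are hypothetical, and the code assumes the Tomcat 7 to 9 (`javax.servlet`) API used in the answer.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;

// Hypothetical variant of AutoLoginValve; not Tomcat's own code.
public class AllowlistAutoLoginValve extends ValveBase {

    // Compared as InetAddress, not as text, so "::1" and
    // "0:0:0:0:0:0:0:1" are the same entry.
    private volatile Set<InetAddress> trusted = Collections.emptySet();

    // server.xml: trustedIpAddresses="127.0.0.1,::1" (IP literals only;
    // a host name here would be resolved once, at startup).
    public void setTrustedIpAddresses(final String csv) {
        final Set<InetAddress> parsed = new HashSet<InetAddress>();
        for (final String item : csv.split(",")) {
            try {
                if (!item.trim().isEmpty()) {
                    parsed.add(InetAddress.getByName(item.trim()));
                }
            } catch (UnknownHostException e) {
                throw new IllegalArgumentException("bad address: " + item, e);
            }
        }
        trusted = parsed;
    }

    @Override
    public void invoke(final Request request, final Response response)
            throws IOException, ServletException {
        // getRemoteAddr() is the TCP peer: behind a reverse proxy it is the
        // proxy's address, so never list the proxy itself as trusted.
        final String addr = request.getRemoteAddr();
        // getByName(null or "") returns loopback, so reject those first.
        if (addr != null && !addr.isEmpty()
                && trusted.contains(InetAddress.getByName(addr))
                && request.getUserPrincipal() == null) {
            // Only the role the security-constraint needs; no "admin".
            request.setUserPrincipal(new GenericPrincipal("trusted-ip-client",
                    null, Collections.singletonList("user")));
        }
        getNext().invoke(request, response);
    }
}
```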