Implement Identity Authentication in servlet in Weblogic Environment
Source: Internet
Author: User
Article Title: implement identity authentication in servlet in Weblogic environment. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Using the application server configuration in weblogic can fully implement user authentication. Because we are mainly development-oriented, we will mainly explain how to use User Role rules in servlet (that is, http user authentication, which we often call). Let's use this familiar term below ).
Three methods for Weblogic User Authentication The weblogic application server provides three different user authentication methods:
BASIC
For basic identity authentication methods, a dialog box asking for user name and password is displayed in the WEB browser. This user name and password will be forcibly required in some content modules of the website.
FORM
FORM-based user authentication requires you to return an html form containing the user name and password, which must correspond to the elements of the user name and password: j_username and j_password, and the form action description must be j_security_check. The following is an example of a form:
The resource that includes this form can be an HTML page, a JSP page, or a servlet. You can Element. When the authentication page is submitted, an HTTP session is created. Therefore, when the authentication succeeds, the session. isNew () method returns a FALSE response.
CLIENT-CERT
It is to use the customer's digital certificate to authenticate the request, generally associated with SSL. For more information about SSL, see.
Which authentication method can be used in web. xml The sub-element defined in the element. The possible value is either BASIC, FORM, or CLIENT-CERT.
Use user authentication in servlet To use user authentication in servlet, you must configure the web application first.
1. Modify the relevant entries in the weblogic. xml file:
Mgr
Al
George
Ralph
Note: Is the role name, for example, now this is the administrator, then All user names included in the specified role in the element.
2. Element to define the role name mgr (in Element), and Create a link (manager) for the mgr role in the registration item)
...
Manager
Mgr
...
Mgr
The configuration file on the server has completed the necessary modifications.
3. Reference server role authentication in the servlet. You only need to add the next statement in the appropriate place.
IsUserInRole ("manager ");
It is worth noting that a session will be created after the user authentication returns successfully. In weblogic, each web appliction uses the same cookie name (JSESSIONID) by default. Therefore, when any authentication succeeds, all Web applications use the same cookie name to store authentication information, so as to implement the concept of "full site access. If you want to use a separate authentication for a Web Application, you can define a cookie name for the Application. Modify the content of the element.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.