Tomcat works together to implement basic and Form Verification

In Web applications, the user's identity must be verified frequently. However, if Tomcat works with Servlet, simple verification can also be implemented.
You may ignore this. Now let's simply sum up and learn it.

1. Basic Verification Mechanism
This is a bit like the windows integrated authentication mechanism. It is a window that appears during verification, asking you to enter the user name and password. The procedure is as follows:
First, create a directory named "member" under the webshell, and put a webpage test.html that can only be accessed without permission,
Find the tomcat-users.xml file in the \ conf directory of Tomcat and add
<User Username = "test" Password = "test" roles = "member"/>
Here we define the role Member

Then, define the following in Web. xml:
<Web-app>
<Security-constraint>
<Web-resource-collection>
<Web-resource-Name>
Member Area
</Web-resource-Name>
<Description>
Only registered members can access this area.
</Description>
<URL-pattern>/member/* </url-pattern>
<Http-method> Get </HTTP-method>
<Http-method> post </HTTP-method>
</Web-resource-collection>
<Auth-constraint>
<Role-Name> member </role-Name>
</Auth-constraint>
</Security-constraint>
<Login-config>
<Auth-method> basic </auth-method>
</Login-config>
<Security-role>
<Role-Name> member </role-Name>
</Security-role>
</Web-app>

<Login-config>
<Auth-method> basic </auth-method>
</Login-config>
It is pointed out that the basic authentication method is used, and that all files under/member/* need to be authorized by the member role.

2. Form Verification
In this case, we should first set up a.html, the page for inputting the user name and password, and then display error.html at the time of error. Pay attention to the text box design of the user name and password,
Specify name = 'J _ username' name = 'J _ password' and set <form action = 'J _ security_check 'method = 'post'>

Then, set the user account Member (same as above) in tomcat-users.html. The web. xml settings are as follows:
<Web-app>
<Security-constraint>
<Web-resource-collection>
<Web-resource-Name>
Member Area
</Web-resource-Name>
<Description>
Only registered members can access this area.
</Description>
<URL-pattern>/member/* </url-pattern>
<Http-method> Get </HTTP-method>
<Http-method> post </HTTP-method>
</Web-resource-collection>
<Auth-constraint>
<Role-Name> member </role-Name>
</Auth-constraint>
</Security-constraint>
<Login-config>
<Auth-method> form </auth-method>
<Form-login-config>
<Form-login-page>/login/a.html
</Form-login-page>
<Form-error-page>/login/error.html
</Form-error-page>
</Form-login-config>
</Login-config>
<Security-role>
<Role-Name> member </role-Name>
</Security-role>
</Web-app>
Finally, set web. xml