I'm trying to implement a simple form-based login for my web application deployed with Tomcat. loginPage.html has j_username
and j_password
as fields, and the form method is j_security_check
, as specified. /Actions is a directory containing all of my html and jsp files, as well as the css and js files, and all of the servlet mappings are of the form /Actions/servletName.do. The only pages not in actions a开发者_高级运维re index.html and loginPage and loginError.
Right now, the home page is index.html. There is a hyperlink to Actions/home.html in it. What I want is for that hyperlink to redirect to loginPage.html first, and then when the user logs in it will go to home.html. My understanding is that, since home.html is a constrained resource, this should happen automatically. However, instead, I am not redirected to a login page, and the browser displays an error saying it couldn't connect to the page; the URL at the top is either https://localhost:8443/myProject/Actions/home.html and https://localhost:8443/myProject/index.html.
I have looked at several tutorials but nowhere do they specify a complete example, including file locations. Help would be greatly appreciated. Oh yes, and if anyone's wondering, I did update the tomcat-users.xml file accordingly.
<welcome-file-list>
<welcome-file>/index.html</welcome-file>
</welcome-file-list>
<security-role><role-name>Admin</role-name></security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/loginPage.html</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllResources</web-resource-name>
<url-pattern>/Actions/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
You need to configure Tomcat to use SSL first whenever you'd like to use HTTPS. Otherwise you have to remove the <transport-guarantee>CONFIDENTIAL</transport-guarantee>
entry and fix all links in your HTML/JSP files to point to http://
instead of https://
.
精彩评论