更新:當完全移除<auth-constraint>
元素時,代碼正常工作。任何人都可以解釋爲什麼現在不工作?如何解決Tomcat訪問被拒絕的請求的資源?
我正在寫一些代碼的做法,在部署描述符確保一個servlet,而我得到在瀏覽器中執行以下操作:
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource has been forbidden.
Apache Tomcat/7.0.42
任何想法,以什麼我做錯了嗎?我已經通過之前的帖子進行了一些搜索,似乎Tomcat 7中的角色名稱可能已經更新 - 我已經玩過這個,但目前爲止沒有成功。 (代碼如下)。
的web.xml
<?xml version="1.0" ?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<servlet-name>CheckedServlet</servlet-name>
<servlet-class>webcert.ch05.ex0502J.CheckedServlet</servlet-class>
<security-role-ref>
<role-name>MGR</role-name>
<role-link>manager</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>CheckedServlet</servlet-name>
<url-pattern>/CheckedServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>CheckedServletConstraint</web-resource-name>
<url-pattern>/CheckedServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>manager</role-name>
</security-role>
CheckedServlet.java
package webcert.ch05.ex0502J;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.security.*;
public class CheckedServlet extends HttpServlet{
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.write("<html><head><title>CheckedServlet</title></head><body>");
String userMessage;
Principal user = request.getUserPrincipal();
if(user == null)
userMessage = "Access denied.";
else
userMessage = "Access granted.";
out.write("<br>" + userMessage + " Principal name is " + user +
"<br>If authorized, you should see some more text below:");
if(request.isUserInRole("manager"))
out.write("<br>Here's some super secret extra text since your " +
"role is manager.");
out.write("</body></html>");
out.flush();
out.close();
}
}
您好傑夫,是你能找到的原因是什麼?我也注意到我的盒子上也有同樣的問題。如果你能在這裏分享,我將不勝感激。謝謝。 – Tariq
嗨塔裏克 - 到目前爲止還沒有運氣。我在爲OCWCD考試進行學習的過程中提出了這個問題,因此我開始轉向其他主題。我打算重新審視文本中的下一遍,如果我找到答案,我一定會發帖。 –
謝謝傑夫。我明白:) :) – Tariq