这就是它的完成方式:
首先是安全角色+登录配置:
<security-role>
<description>
Main user for admin GUI
</description>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>my login</realm-name>
</login-config>
应该公开访问的servlet:
<servlet>
<description>Landing Page for Admin GUI</description>
<display-name>StartServlet</display-name>
<servlet-name>StartServlet</servlet-name>
<servlet-class>StartServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>StartServlet</servlet-name>
<url-pattern>/index.html</url-pattern>
</servlet-mapping>
所有页面的限制(仅可通过管理员用户访问):
<security-constraint>
<web-resource-collection>
<web-resource-name>Private</web-resource-name>
<description>Matches all pages</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
公众只有那些:
<security-constraint>
<web-resource-collection>
<web-resource-name>Public</web-resource-name>
<description>Makes the landing page explicitly public (overrides Private above since more specific!)</description>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<!-- No auth-constraint = everybody has access! -->
</security-constraint>
| 归档时间: |
|
| 查看次数: |
4088 次 |
| 最近记录: |