tomcat与web.xml配置

WEB.ML配置

 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">


 <context-param>
  <description>
   Role that can view session attribute values
  </description>
  <param-name>attribute.value.role</param-name>
  <param-value>manager</param-value>
 </context-param>

 

 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Stat User URLs</web-resource-name>
   <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
   <role-name>Stat</role-name>
  </auth-constraint>
 </security-constraint>

 

 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Stat</realm-name>
 </login-config>

 

 <!--Security roles referenced by this web application -->
 <security-role>
  <role-name>Stat</role-name>
 </security-role>

 

 <welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>

 

</web-app>

 ---------------------------------------------------------------------------------------------------------------------------------

 

Tomecat-----conf-----tomcat-users.xml 配置

 

<?xml version='1.0' encoding='cp936'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
  <user name="admin" password="" roles="admin,manager" />
 
  <role rolename="tomcat"/>
  <role rolename="Stat"/>

  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="stat" password="iamadmin" roles="Stat"/>

</tomcat-users>

 ---------------------------------------------------------------------------------------------------------------------------------

 

补充

 

配置servlet映射关系:

<web-app>
   ......
   <servlet>
        <servlet-name>ServletName</servlet-name>
        <servlet-class>com.jj.ServletClass</servlet-class>
        <!-- servlet初始化参数 -->
        <init-param>
            <param-name>parameterName</param-name>
            <param-value>parameterValue</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>ServletName</servlet-name>
        <url-pattern>/*.do</url-pattern>
    </servlet-mapping>
    ......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
配置监听器:

<web-app>
    ........
    <listener>
        <listener-class>com.jj.MyServletContextListener</listener-class>
    </listener>
    ........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
设置session超时:

<web-app>
    ........
    <session-config>
        <!-- 以分钟为单位 -->
        <session-timeout>15</session-timeout>
    </session-config>
    ........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
配置应用上下文参数:

<web-app>
    ........
     <context-param>
        <param-name>parameterName</param-name>
        <param-value>parameterValue</param-value>
    </context-param>
    ........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
禁用scriptlet:

<web-app>
    ........
    <jsp-config>
        <jsp-property-group>
            <url-pattern>*.jsp</url-pattern>
            <scripting-invalid>true</scripting-invalid>
        </jsp-property-group>
    </jsp-config>
    ........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
忽略EL表达式语言:

<web-app>
    ........
    <jsp-config>
        <jsp-property-group>
            <url-pattern>*.jsp</url-pattern>
            <el-ignored>true</el-ignored>
        </jsp-property-group>
    </jsp-config>
    ........
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
EL函数配置:

TLD(标记库描述文件):
<taglib>
    <uri>DiceFunctions</uri>
    <function>
        <name>rollIt</name>
        <function-class>foo.DiceRoller</function-class>
        <function-signature>
            int rollDice()
        </function-signature>
    </function>
</taglib>

有函数的类:
package foo;
public class DiceRoller{
    public static int rollerDice(){
       return (int)((Math.random()*6)+1);
    }
}

JSP中调用
<%@ tiglib prefix="mine" uri="DiceFunctions" %>

<html><body>

${mine:rollIt()}

</body></html>
---------------------------------------------------------------------------------------------------------------------------------
定制错误页面:

根据异常类型定制错误页面:
<web-app>
    ......
    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/error.jsp</location>
    </error-page>
    ......
</web-app>

根据HTTP状态码定制错误页面:
<web-app>
    ......
    <error-page>
        <error-code>404</error-code>
        <location>/error.jsp</location>
    </error-page>
    ......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
定制标记:

tld:
<taglib>
    ......
    <tag>
        <name>loop</name>
        <tag-class>com.pandajj.tag.LoopTag</tag-class>
        <!-- 四个值可选:empty,scriptless,tagdependent,JSP -->
        <body-content>JSP</body-content>
        <attribute>
            <name>times</name>
            <required>true</required>
            <rtexpralue>true</rtexpralue>
        </attribute>
    </tag>
    ......
</taglib>
---------------------------------------------------------------------------------------------------------------------------------
定制欢迎页面:

<web-app>
    ......
    <welcome-file-list>
        <welcome-file>hello.html</welcome-file>
    </welcome-file-list>
    ......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
EJB相关和MIME映射:

<web-app>
    ......
    <!-- 本地Bean的引用 -->
    <ejb-local-ref>
        <ejb-ref-name>ejb/customer</ejb-ref-name>
        <ejb-ref-type>Entity</ejb-ref-type>
        <local-home>com.jj.CustomerHome</local-home>
        <local>com.jj.Customer</local>
    </ejb-local-ref>
   
    <!-- 远程Bean的引用 -->
    <ejb-ref>
        <ejb-ref-name>ejb/LocalCustomer</ejb-ref-name>
        <ejb-ref-type>Entity</ejb-ref-type>
        <home>com.jj.CustomerHome</home>
        <remote>com.jj.Customer</remote>
    </ejb-ref>
   
    <!-- 声明应用的JNDI环境项 -->
    <env-entry>
        <env-entry-name>rates/discountRate</env-entry-name>
        <env-entry-type>java.lang.Integer</env-entry-type>
        <env-entry-value>10</env-entry-value>
    </env-entry>
   
    <!-- 配置扩展名和MIME类型之间的映射 -->
    <mime-mapping>
        <extension>mpg</extension>
        <mime-type>video/mpeg</mime-type>
    </mime-mapping>
    ......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
过滤器映射:

<web-app>
    ......
    <filter>
        <filter-name>FilterName</filter-name>
        <filter-class>com.jj.FilterClass</filter-class>
        <init-param>
            <param-name>parameterName</param-name>
            <param-value>parameterValue</param-value>
        </init-param>
    </filter>
   
    <!-- 声明相应URL模式的过滤器映射 -->
    <filter-mapping>
        <filter-name>FilterName</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>
   
    <!-- 声明对应servlet名的过滤器映射 -->
    <filter-mapping>
        <filter-name>FilterName</filter-name>
        <servlet-name>ServletName</servlet-name>
    </filter-mapping>
    ......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
授权:

<web-app>
    ......
    <security-role>
        <!-- 对应Tomcat的tomcat-users.xml中设置的角色名 -->
        <role-name>admin</role-name>
    </security-role>

    <login-config>
        <!-- 四种方式可选 -->
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Web Security</web-resource-name>
            <url-pattern>/index.jsp</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
            <!-- 数据在传输过程中不被别人看到 -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    ......
</web-app>
---------------------------------------------------------------------------------------------------------------------------------
四种认证类型:

BASIC:HTTP规范,Base64
<web-app>
    ......
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    ......
</web-app>

DIGEST:HTTP规范,数据完整性强一些,但不是SSL
<web-app>
    ......
    <login-config>
        <auth-method>DIGEST</auth-method>
    </login-config>
    ......
</web-app>

CLIENT-CERT:J2EE规范,数据完整性很强,公共钥匙(PKC)
<web-app>
    ......
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    ......
</web-app>

FORM:J2EE规范,数据完整性非常弱,没有加密,允许有定制的登陆界面。
<web-app>
    ......
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    ......
</web-app>

登陆页面表单的action,用户名,密码要用统一的名字:
<form action="j_security_check">
    <input type="text" name="j_username" />
    <input type="password" name="j_password" />
    <input type="submit" value="enter" />
</form>

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值