<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<security-role><!-- 這是一個群組,設定應用程式會用到的role(群組) -->
<role-name>Manager</role-name>
<!-- 設定一個應用程式內合法的使用者role,在deploy時對應到container裡的設定 -->
</security-role>
<security-role>
<role-name>Employee</role-name>
</security-role>
<security-role>
<role-name>People</role-name>
</security-role>
<login-config><!-- 設定要用哪個身分驗證機制 -->
<auth-method>BASIC</auth-method><!-- 設定web想要使用的身分宴制機制,只有兩種半可用 -->
<realm-name>有人再跟你要密碼</realm-name><!-- 給使用者的訊息,告訴使用者是哪個應用程式向他問密碼 -->
</login-config>
<!-- <login-config> -->
<!-- <auth-method>FORM</auth-method>FORM跟 BASIC不會同時存在 -->
<!-- <form-login-config>只有 FORM有這個方法 -->
<!-- <form-login-page>/WEB-INF/form/login.jsp</form-login-page> -->
<!-- <form-error-page>/WEB-INF/form/error.jsp</form-error-page> -->
<!-- </form-login-config> -->
<!-- </login-config> -->
<security-constraint><!-- 設定哪些網頁屬於機密 -->
<web-resource-collection><!-- 使用子標籤設定哪些網頁要被保護 -->
<web-resource-name>DEMO01</web-resource-name><!-- 在此設定一個web.xml中不重複的名稱 -->
<url-pattern>/dir1/*</url-pattern><!-- 設定需要被保護的網頁資源URL,現在dir資料夾底下的需要帳密 -->
<!-- <http-method></http-method> -->
<!-- ↑設定驗證機制需要作用在哪些HTTPmethod,合法值為GET、POST等,沒有使用代表全部都要驗證 -->
</web-resource-collection>
<auth-constraint>
<role-name>Employee</role-name><!-- 設定可以使用被保護網頁的role(群組),此群組需對應到上面定義的security-role -->
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
<!-- 設定資料傳送是否需要加密,NONE(不加密)、CONFIDENTIAL(加密) -->
</user-data-constraint>
</security-constraint>
<display-name>SecureWeb</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--><tomcat-users>
<!-- <role rolename="admin-gui"/> -->
<!-- <role rolename="manager-gui"/> -->
<!-- <role rolename="manager-script"/> -->
<!-- <role rolename="manager-jmx"/> -->
<!-- <role rolename="manager-status"/> -->
<role rolename="Manager"/>
<role rolename="Employee"/>
<!-- <user password="root" roles="admin-gui,manager-gui,manager-script,manager-jmx" username="root"/> -->
<!-- <user password="tomcat" roles="manager-script" username="tomcat"/> -->
<!-- <user password="admin" roles="manager-gui,admin-gui" username="admin"/> -->
<user username="user1" password="user1" roles="Manager" />
<user username="user2" password="user2" roles="Manager" />
<user username="user3" password="user3" roles="Employee" />
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>
留言列表
【前端網頁開發技術】 (4)
