Apply level authentication in the servlet in the WebLogic environment

zhaozj2021-02-17 66

Using the application server itself in WebLogic, you can comprehensively implement user authentication. Since we are mainly for development, this mainly explains the use of user role rules in servlet (that is, the HTTP user authentication we often say, the following is still using the noun we are familiar with).

Three ways for WebLogic user authentication

In the WebLogic application server, there are three different user authentication methods:

Basic

Basic identity authentication methods, using a web browser to pop up a dialog box requesting to enter a username and password. This username and password will be enforced in some (some) content modules of the website.

FORM

Form-based user authentication requires that you return an HTML form including a username and password, this form corresponds to the element of the username and password must be j_username and j_password, and the Action Description of the form must be j_security_check. Here is an example of a form:

The resource including this form can be an HTML page, a JSP page or a servlet. You can define in the element. When this authentication page is submitted, an HTTP Session will be created. Therefore, when the authentication is successful, use the session.isnew () method will get a false return.

Client-Cert

That is to authenticate requests using customer digital certificates, generally connect with SSL. Please refer to the SSL-related content if you need to use.

What authentication method can be used, and you can define in the in the element in Web.xml. Possible selection values are one of the three Basic or Form or Client-Cert.

User authentication in servlet

To use user authentication in servlet, you must first configure the Web Application.

1. Modify the relevant entry in the weblogic.xml file:

MGR

George

Ralph

Note: is a role name, for example, this is an administrator, then specify all usernames included in the element.

2. Define the role name Mgr (in element) to use in Web.xml element, and make a link for the MGR role in the registration item (Manager)

...

manager

mgr ...

MGR

The configuration files on the server here have completed the required modifications.

3. Reference Servers in the servlet, just add the next statement in the appropriate place.

iSuserinRole ("manager");

It is worth noting that a session will be established when the user is certified to return. In WebLogic, all Web Applications use the same cookie name (JSESSIONID), so after any authentication is successful, all Web Application will save information about certification, Thereby realizing the concept of "full station". If you want to use a separate authentication for a Web Application, you can individually define a cookie name for this app, which can be modified accordingly by related content of the element in WebLogic.xml.

Related Resources: Deployment Servlet and JSP under the WebLogic platform

转载请注明原文地址:https://www.9cbs.com/read-30753.html

9cbs

New Post(0)