java 在 Tomcat 中从 HttpServletRequest.getRemoteUser() 获取值而不修改应用程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7553967/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Getting a value from HttpServletRequest.getRemoteUser() in Tomcat without modifying application
提问by Mark
(Using Java 6 and Tomcat 6.)
(使用 Java 6 和 Tomcat 6。)
Is there a way for me to get HttpServletRequest.getRemoteUser()to return a value in my development environment (i.e. localhost) without needing to modify my application's web.xml file?
有没有办法让我HttpServletRequest.getRemoteUser()在我的开发环境(即本地主机)中返回一个值而无需修改我的应用程序的 web.xml 文件?
The reason I ask is that the authentication implementation when the app is deployed to a remote environment is handled by a web server and plugged-in tool. Running locally I obviously do not have the plugged-in tool or a separate web server; I just have Tomcat 6. I am trying to avoid adding code to my application merely to support development on my localhost.
我问的原因是将应用程序部署到远程环境时的身份验证实现是由 Web 服务器和插件工具处理的。在本地运行我显然没有插件工具或单独的 Web 服务器;我只有 Tomcat 6。我试图避免向我的应用程序添加代码只是为了支持我的本地主机上的开发。
I am hoping there is a modification I can make to the context.xml or server.xml files that will let me set the remote user ID or that will try to pull it from a HTTP header or something.
我希望可以对 context.xml 或 server.xml 文件进行修改,以便我设置远程用户 ID 或尝试从 HTTP 标头或其他内容中提取它。
采纳答案by palacsint
Here is a proof of concept Valveimplementation which does it:
这是一个概念Valve实现的证明,它做到了:
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;
public class RemoteUserValve extends ValveBase {
public RemoteUserValve() {
}
@Override
public void invoke(final Request request, final Response response)
throws IOException, ServletException {
final String username = "myUser";
final String credentials = "credentials";
final List<String> roles = new ArrayList<String>();
// Tomcat 7 version
final Principal principal = new GenericPrincipal(username,
credentials, roles);
// Tomcat 6 version:
// final Principal principal = new GenericPrincipal(null,
// username, credentials, roles);
request.setUserPrincipal(principal);
getNext().invoke(request, response);
}
}
(Tested with Tomcat 7.0.21.)
(使用 Tomcat 7.0.21 测试。)
Compile it, put it inside a jar and copy the jar to the apache-tomcat-7.0.21/libfolder. You need to modify the server.xml:
编译它,把它放在一个罐子里,然后把罐子复制到apache-tomcat-7.0.21/lib文件夹中。您需要修改server.xml:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="remoteuservalve.RemoteUserValve" />
...
I suppose it works inside the Engineand Contextcontainers too.
我想它也适用于Engine和Context容器。
More information:
更多信息:
回答by palacsint
Use a local, file-based realm for testing. Check your conf/tomcat-users.xmland create roles and users for your application and enable the security constraints in your web.xml. There are good examples in the tomcat-users.xml.
使用本地的、基于文件的领域进行测试。检查您conf/tomcat-users.xml并为您的应用程序创建角色和用户,并在您的 web.xml 中启用安全约束。中有很好的例子tomcat-users.xml。
