<security-constraint>
<web-resource-collection>
<web-resource-name>resource1</web-resource-name>
<description></description>
<url-pattern>
/*</url-pattern>
<http-method>
GET</http-method>
<http-method>
POST</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>EClubAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/page/frame/Login.jsp</form-login-page>
<form-error-page>/page/frame/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description></description>
<role-name>EClubAdmin</role-name>
</security-role>
用户在浏览器中访问Project时将转向index.jsp,index.jsp发login.do请求,由于login.do要访问的是受保护的资源,所以
Websphere将请求转向登录页面,要求用户输入用户名和密码,待用户输入了正确的用户名和密码后,Websphere将重新发送login.do请求,然后在login的Action中得到principle,得到用户名,再从数据库中查询该用户名,将页面转向主页面。 查看websphere官方文档显示:
,websphere在不同版本间处理登录存在差异:
If security is not enabled , a servlet is requested and the servlet is configured with Web server protection, the getRemoteUser method will return the login, and getAuthType will return the authentication scheme. If security is enabled and a servlet is requested , both methods will return null when WebSphere protection is not configured for the servlet. If security is enabled , a servlet is requested, and the servlet is configured with WebSphere protection, the getRemoteUser method will return the login, and the getAuthType method will return the configured authentication scheme.
