JDBC認証

http://www.javaroad.jp/opensource/js_tomcat11.htm
http://www.avajava.com/tutorials/lessons/how-do-i-log-out-of-an-application-that-uses-form-authentication.html
http://docs.oracle.com/javaee/1.3/api/javax/servlet/http/HttpServletRequest.html


まず、データベース構築

create database auth;

use auth;

create table auth_users(

user_name    varchar(64) not null,

user_pass    varchar(16) not null

);

create table user_roles(

user_name    varchar(64) not null,

role_name    varchar(16) not null

);

insert into auth_users (user_name, user_pass) values ('takahab', 'passwd');

insert into auth_roles (user_name, role_name) values ('takahab', 'form');



------------------------------------------auth.sql-------------------------------------------------------------DROP TABLE IF EXISTS users;
CREATE TABLE auth_users (
user_name varchar(64),
user_pass varchar(16),
PRIMARY KEY (user_name)
);

INSERT INTO auth_users VALUES ('takahab@xx', 'passwd');
INSERT INTO auth_users VALUES ('takaha-m@xx','passwd');
DROP TABLE IF EXISTS user_roles;

CREATE TABLE user_roles (
user_name varchar(64),
role_name varchar(16),
PRIMARY KEY (user_name)
);

INSERT INTO user_roles VALUES ('takahab@xx', 'form');
INSERT INTO user_roles VALUES ('takaha-m@xx', 'manager');

------------------------------------------auth.sql-------------------------------------------------------------

mysql> CREATE DATABASE auth;
mysql> USE auth;
mysql> SOURCE auth.sql;

-----------------------------------------------------------------------------------------------------------


【server.xml】　　　　　ーーーーEngineタグ内に記述

<!--  by takahab
       <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
by takahab  -->

<!--  by takahab  -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
        connectionName="takahab"
        connectionPassword="no3177"
        connectionURL="jdbc:mysql://localhost/auth"
        driverName="com.mysql.jdbc.Driver"
        roleNameCol="role_name"
        userCredCol="user_pass"
        userNameCol="user_name"
        userRoleTable="auth_roles"
        userTable="auth_users"
 />
<!--  by takahab  -->
      </Realm>


【WEB-INF/web.xml】

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD
          Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authentication of FormAuth</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>form</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login_err.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>form</role-name>
  </security-role>

  <session-config>
 <session-timeout>1</session-timeout>
  </session-config>

</web-app>


【WebContent/login.jsp】

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>login page</title>
</head>
<body>
<form method="post" action='<%= response.encodeURL("j_security_check")%>'>
<table>
  <tr>
    <td>ID</td>
    <td> <input type="text" name="j_username"></td>
  </tr>
  <tr>
    <td>Pass</td>
    <td><input type="password" name="j_password"></td>
  </tr>
</table>
<br>
<input type="submit" value="Login" name="submit">
<input type="reset" value="Reset" name="reset">
</form>
</body>
</html>


【WebContent/menu.html】

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>login successful</title>
</head>
<body>

ログイン成功です。

<p><a href="logout.jsp">logout</a></p>
<br>
<br>
<p><a href="index.html">TOPに移動します。（index.html)</a></p>

</body>
</html>

【WebContent/login_err.html】

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>login error page</title>
</head>
<body>

ID、Passwordが誤っています。

<br/><br/>
<a href="menu.html">メニューシステムに移動します。</a>

</body>
</html>

【logout.jsp】

<%@ page session="true" language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>

User [<%=request.getRemoteUser()%>] has been logged out.

<% session.invalidate(); %>

<br/><br/>
<a href="menu.html">HTMLメニューシステムに移動します。</a>
<a href="menu.jsp">JSPメニューシステムに移動します。</a>

【WebContent/menu.jsp】

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>メニューシステム（jspタイプ)</title>
</head>
<body>
ログイン成功です。
<br>
<br>
ユーザ名: [<%=request.getRemoteUser()%>]
<br>
Authタイプ: [<%=request.getAuthType()%>]
<br>
ヘッダー:         [< %=request.getHeader(name)% >]
<br>
メソッド:         [<%=request.getMethod()%>]
<br>
パス: [<%=request.getPathInfo()%>]
<br>
トランス:         [<%=request.getPathTranslated()%>]
<br>
クエリ: [<%=request.getQueryString()%>]
<br>
リクエストSID:         [<%=request.getRequestedSessionId()%>]
<br>
URI: [<%=request.getRequestURI()%>]
<br>
URL: [<%=request.getRequestURL()%>]
<br>
PATH: [<%=request.getServletPath()%>]
<br>

<p><a href="logout.jsp">logout</a></p>
<br>
<br>
<p><a href="index.html">TOPに移動します。（index.html)</a></p>
</body>
</html>

【WebContent/index.html】

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
<meta http-equiv="refresh" content="3; URL=http://localhost:8080/JDBCAuth/menu.html">
</head>
<body>
<p>このページは、ログインページに移動します。</p>

<p><a href="menu.html">HTMLメニューシステムにジャンプします。</a></p>
<p><a href="menu.jsp">JSPメニューシステムにジャンプします。</a></p>

</body>
</html>