```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--<web-app xmlns="http://java.sun.com/xml/ns/j2ee"-->
<!-- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"-->
<!-- xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"-->
<!-- version="2.4">-->
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5.xsd"
         version="5.0">
    <display-name>howie2</display-name>
    <filter>
        <filter-name>hmvc</filter-name>
        <filter-class>com.howie.hmvc.DispatcherFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>hmvc</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>hmvc</filter-name>
        <url-pattern>*.html</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>hmvc</filter-name>
        <url-pattern>*.jhtml</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>hmvc</filter-name>
        <url-pattern>*.aj</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>hmvc</filter-name>
        <url-pattern>*.ar</url-pattern>
    </filter-mapping>
    <jsp-config>
        <taglib>
            <taglib-uri>asy</taglib-uri>
            <taglib-location>/WEB-INF/anshuyun.tld</taglib-location>
        </taglib>
    </jsp-config>
    <error-page>
        <error-code>404</error-code>
        <location>/error/404.jsp</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/error/500.jsp</location>
    </error-page>
    <session-config>
        <session-timeout>20</session-timeout>
        <!-- <cookie-config> <secure>true</secure> </cookie-config> -->
    </session-config>
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
        </web-resource-collection>
        <au
```
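Time: 2025-05-08 07:18:58 Views: 31
### `web.xml` Configuration in Jakarta EE Explained
#### Filter mapping (`<filter-mapping>`)
A filter intercepts specific requests and runs pre-processing or post-processing logic on them. A typical `<filter-mapping>` configuration looks like this: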
```xml
<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>com.example.SecurityFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
```
With this configuration, the filter named `SecurityFilter` is applied to every request whose URL ends in `.do`[^1].
---
#### Error pages (`<error-page>`)
Error pages catch exceptions thrown by the application, or HTTP response status codes, and send the user to a custom page. A common configuration:
```xml
<error-page>
    <error-code>404</error-code>
    <location>/errors/not-found.jsp</location>
</error-page>
<error-page>
    <exception-type>java.lang.Exception</exception-type>
    <location>/errors/generic-error.jsp</location>
</error-page>
```
With this configuration, a 404 error sends the user to `/errors/not-found.jsp`, and any thrown exception of type `java.lang.Exception` is sent to `/errors/generic-error.jsp`[^3].
---
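#### Security constraints (`<security-constraint>`)
Security constraints protect resources in a web application, ensuring that only authenticated users can access certain paths. A typical configuration: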
```xml
<security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example Realm</realm-name>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
```
In this configuration:
- All GET and POST requests matching the `/admin/*` path require the admin role.
- Login uses the BASIC authentication method.
- A security role named `admin` is defined.
---
#### Combined example
The following complete `web.xml` fragment brings together the filter mapping, error page, and security constraint configuration:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd"
         version="5.0">
    <!-- Filter Mapping -->
    <filter>
        <filter-name>LoggingFilter</filter-name>
        <filter-class>com.example.LoggingFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoggingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Error Page Configuration -->
    <error-page>
        <error-code>404</error-code>
        <location>/errors/not-found.html</location>
    </error-page>
    <error-page>
        <exception-type>java.sql.SQLException</exception-type>
        <location>/errors/database-error.html</location>
    </error-page>
    <!-- Security Constraint -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Resources</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login-failed.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
```
---
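#### Notes
- **Filter precedence**: several filters may apply to the same set of URLs; their execution order is determined by the order in which they are declared in `web.xml`.
- **Security best practice**: use HTTPS to encrypt sensitive data in transit, and review the security policy regularly to prevent potential vulnerabilities.
- **Transaction management**: for operations that touch the database, pay attention to the transaction isolation level so as not to cause problems such as second-type lost updates[^4][^5].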
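
The `/admin/*` constraint in the security-constraint section lists only GET and POST, so under the Servlet specification a request using any other method is not covered by it unless the descriptor also declares `<deny-uncovered-http-methods/>`; the HTTPS advice in the notes corresponds to a `<transport-guarantee>` of `CONFIDENTIAL` and a secure session cookie. The Python script below is an added example, not part of the original answer, that audits a `web.xml` for these gaps; the sample descriptor, check names and `audit_web_xml` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "https://jakarta.ee/xml/ns/jakartaee"}  # Jakarta EE 9+ descriptor namespace

# Constructed sample descriptor, modelled on the /admin/* constraint above.
SAMPLE = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="5.0">
  <session-config><session-timeout>20</session-timeout></session-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def audit_web_xml(xml_text):
    """Return (check_id, detail) findings for a trusted, local web.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    deny_uncovered = root.find("j:deny-uncovered-http-methods", NS) is not None
    for sc in root.findall("j:security-constraint", NS):
        patterns = [p.text.strip() for p in sc.findall(".//j:url-pattern", NS)]
        methods = [m.text.strip() for m in sc.findall(".//j:http-method", NS)]
        has_roles = sc.find("j:auth-constraint/j:role-name", NS) is not None
        # Roles required only for the listed methods: any other method is uncovered.
        if methods and has_roles and not deny_uncovered:
            findings.append(("uncovered-methods", f"{patterns} constrains only {methods}"))
        tg = sc.find("j:user-data-constraint/j:transport-guarantee", NS)
        if tg is None or tg.text.strip() != "CONFIDENTIAL":
            findings.append(("no-tls-guarantee", f"{patterns} does not require CONFIDENTIAL"))
    secure = root.find("j:session-config/j:cookie-config/j:secure", NS)
    if secure is None or secure.text.strip().lower() != "true":
        findings.append(("cookie-not-secure", "session cookie lacks <secure>true</secure>"))
    auth = root.find("j:login-config/j:auth-method", NS)
    if auth is not None and auth.text.strip() == "BASIC":
        findings.append(("basic-auth", "BASIC resends credentials on every request"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_web_xml(SAMPLE):
        print(f"[{check}] {detail}")
```

A descriptor that omits the `<http-method>` list (or adds `<deny-uncovered-http-methods/>`), sets `CONFIDENTIAL`, marks the session cookie secure and uses FORM login produces no findings.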