如何在 Tomcat 8.5 中使用摘要认证? [英] How to use digest authentication in Tomcat 8.5?
本文介绍了如何在 Tomcat 8.5 中使用摘要认证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试使用 Tomcat 8.5 附带的管理器应用程序.但是,每次我尝试使用用户admin"的密码test"登录时,它都不起作用.如果我插入从digest.bat 获得的确切MD5 哈希值,我就可以登录了.
I am trying to use the manager application that comes with Tomcat 8.5. However, every time that I try to log on with the password of "test" for the user "admin", it does not work. If I plug in the exact MD5 hash that I obtained from digest.bat, I am able to log in.
有没有人设法让它正常工作?
Has anyone managed to get this working appropriately?
server.xml
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" digest="md5" />
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" />
</Realm>
tomcat-users.xml
<?xml version='1.0' encoding='cp1252'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<user username="admin" password="41858d1250c84a1bfb882bcb02b85ba8" roles="admin-gui,manager-gui" />
<user username="test" password="test" roles="manager-gui,admin-gui" />
</tomcat-users>
tomcat webapp manager web.xml 摘录
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>TEST</realm-name>
<!--<realm-name>Tomcat Manager Application</realm-name>-->
</login-config>
digest.bat 输出
.\digest.bat -a MD5 -s 0 admin:TEST:test
admin:TEST:test:41858d1250c84a1bfb882bcb02b85ba8
推荐答案
**** 密码摘要流程已更改为 tomcat 8.5 版本;它已经被修改然后它在tomcat早期版本中的样子
这里是Tomcat 8.5.x的tomcat密码摘要过程(我们使用算法SHA-256和SHA-512)
**** Password digest process has been change to tomcat 8.5 version; it has been modified then how it was in tomcat earlier versions
Here is the tomcat password digest process for Tomcat 8.5.x ( we are using algorithm SHA-256 and SHA-512)
1. Change in $CATALINA_BASE/conf/server.xml file:
a. From
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
b. To
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-512" />
</Realm>
</Realm>
2. Create digest password:
a. Go to location $CATALINA_BASE/bin/ and run digest.sh
i. For sha-256:
[root@aa22 bin]# ./digest.sh -a sha-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler xxxxxxxx
xxxxxxxx:5327b745a19144e34ca40128219ab660b09ff9cf866222c1850a5e7a716db669$1$b4b734709246d25373a730cad709151db47920f79e1a1d65f6772d1307216f1b
ii. For sha-512:
[root@aa12 bin]# ./digest.sh -a sha-512 -h org.apache.catalina.realm.MessageDigestCredentialHandler xxxxxxxx
xxxxxxxx:d92d95ae2fab83ca1eafae3b900ae9ab2115eac644935fb35a5973c3032dbcc7$1$c1f8e55b0beb771198ab46a69e1559ae145f172226d6f11ee91d67fde361717ca7498f48e486e4267e810b64e0a9096b16311ddc85b746c0019088462975bc9f
3. Now copy digested password to $CATALINA_BASE/conf/tomcat-users.xml
a. Replace the plain text password with this digested password and restart tomcat. Make sure; you are using same algo name in server.xml; by which you digested the plain test password.
4. End
这篇关于如何在 Tomcat 8.5 中使用摘要认证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
