如何修复Tomcat的警告:试图对锁定的用户进行身份验证? [英] How to fix Tomcat WARNING: An attempt was made to authenticate the locked user?
本文介绍了如何修复Tomcat的警告:试图对锁定的用户进行身份验证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用Tomcat 7与Spring和JPA应用程序,数据库MySQL的。
一切工作fine.but有时realm.LockOutRealm验证会出现问题。我还使用连接池在我的应用程序,如:
的persistence.xml:
<性状>
<属性名=hibernate.connection.usernameVALUE =---/>
<属性名=hibernate.connection.driver_classVALUE =com.mysql.jdbc.Driver/>
<属性名=hibernate.connection.passwordVALUE =----------/>
<属性名=hibernate.connection.url值=的jdbc:mysql的:// ---------- autoReconnect的=真的吗?/>
<! - 连接池C3P0配置 - >
<! - 在池中的JDBC连接的最小数量。 Hibernate的默认设置:1 - >
<属性名=hibernate.c3p0.min_sizeVALUE =5/>
<! - 在池中的JDBC连接的最大数目。 Hibernate的默认设置:100 - >
<属性名=hibernate.c3p0.max_sizeVALUE =20/>
<! - 当一个空闲连接从池中(第二)中删除。 Hibernate的默认值:0,永不过期。 - >
<属性名=hibernate.c3p0.timeoutVALUE =300/>
<! - $ P $数ppared语句将被缓存。提高性能。 Hibernate的默认值:0,缓存是禁用.-->
<属性名=hibernate.c3p0.max_statementsVALUE =50/>
<! - 在几秒钟的空闲时间连接之前自动验证。 Hibernate的默认值:0 - >
<属性名=hibernate.c3p0.idle_test_periodVALUE =300/>
< /性状>
和领域在server.xml中的样子:
<! - 使用LockOutRealm至prevent试图猜测用户密码
通过强力攻击 - >
<境界的className =org.apache.catalina.realm.LockOutRealm>
<! - 这个领域将在全局JNDI配置的UserDatabase
关键UserDatabase下的资源。任何编辑
这是针对这个UserDatabase进行立即
可供王国使用。 - >
<境界的className =org.apache.catalina.realm.UserDatabaseRealm
资源名称=UserDatabase/>
< /领域> <主机名=本地主机的appBase =的webapps
unpackWARs =真正的自动部署=真> <! - 单一登入阀,web应用程序之间共享认证
文档:/docs/config/valve.html - >
<! -
<阀门的className =org.apache.catalina.authenticator.SingleSignOn/>
- >
我上搜索网,但couldnot找到这个解决方案。有蛮力攻击任一项,如果有比什么是这个溶液中。
在错误日志中 Catelina.out 是:
2013年3月2日下午3时28分34秒org.apache.catalina.realm.LockOutRealm身份验证
警告:试图验证锁定的用户雄猫
2013年3月2日下午3点29分49秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户雄猫
2013年3月2日下午3时31分04秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户雄猫
2013年3月2日下午3时37分25秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定用户admin
2013年3月2日下午3点38分47秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定用户admin
2013年3月2日下午3点39分58秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定用户admin
2013年3月2日下午3点46分31秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户土狼
2013年3月2日下午3时52分49秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户经理
2013年3月2日下午3时59分03秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定用户administrator
2013年3月2日下午4时06分38秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午4时07分52秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午4点09分17秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午4点10分35秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午4时十一分47秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午4时13分02秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午4时14分17秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根
2013年3月2日下午四点15分34秒org.apache.catalina.realm.LockOutRealm认证
警告:试图验证锁定的用户根>休眠:选择----------------------------------
javax.persistence.PersistenceException:
org.hibernate.exception.JDBCConnectionException:无法执行查询(DelegatingConstructorAccessorImpl.java:45)
在java.lang.reflect.Constructor.newInstance(Constructor.java:525)
在com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
在com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1118)
在com.mysql.jdbc.MysqlIO.send(MysqlIO.java:3321)
在com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1940)
在com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
在com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
在com.mysql.jdbc preparedStatement.executeInternal(preparedStatement.java:2113)。
在com.mysql.jdbc preparedStatement.executeQuery(preparedStatement.java:2275)。
在com.mchange.v2.c3p0.impl.NewProxy$p$pparedStatement.executeQuery(NewProxy$p$pparedStatement.java:116)
在org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:186)
在org.hibernate.loader.Loader.getResultSet(Loader.java:1787)
在org.hibernate.loader.Loader.doQuery(Loader.java:674)
在org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:236)
在org.hibernate.loader.Loader.doList(Loader.java:2220)
... 39更多
java.net.SocketException异常:引起管道中断
解决方案
上面的警告,意味着你无法给用户tomcat的多次验证。
Tomcat的怀疑,这是对用户tomcat的强力攻击。
你在你的应用程序中使用的身份验证?什么登录-Config中,在应用程序的web.xml中使用?
资源名称UserDatabase的默认配置文件的conf / tomcat的-users.xml中。
你有没有改变资源名称UserDatabase配置?
您可以找到资源UserDatabase的server.xml中的文件中的配置:
<资源名称=UserDatabaseAUTH =容器
类型=org.apache.catalina.UserDatabase
说明=用户的数据库,可以更新并保存
工厂=org.apache.catalina.users.MemoryUserDatabaseFactory
路径=的conf / tomcat的-users.xml中/>
在默认情况下所有用户评论。
为了能够与您应该取消对XML文件的用户的工作。然后,您将能够与用户的tomcat登录:
< tomcat的用户>
<角色角色名称=雄猫/>
<使用者的用户名=雄猫密码=雄猫角色=雄猫/>
< / tomcat的用户>
最好的问候,
迈克尔
I am using Tomcat 7 with for Spring and JPA Application, database MySQL. Everything is working fine.but sometime realm.LockOutRealm authenticate problem will arise. I also used connection pooling in my application like:
persistence.xml:
<properties>
<property name="hibernate.connection.username" value="---"/>
<property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver"/>
<property name="hibernate.connection.password" value="----------"/>
<property name="hibernate.connection.url" value="jdbc:mysql://----------?autoReconnect=true"/>
<!--Connection Pooling c3p0 configuration-->
<!--Minimum number of JDBC connections in the pool. Hibernate default: 1-->
<property name="hibernate.c3p0.min_size" value="5"/>
<!--Maximum number of JDBC connections in the pool. Hibernate default: 100-->
<property name="hibernate.c3p0.max_size" value="20"/>
<!--When an idle connection is removed from the pool (in second). Hibernate default: 0, never expire.-->
<property name="hibernate.c3p0.timeout" value="300"/>
<!--Number of prepared statements will be cached. Increase performance. Hibernate default: 0 , caching is disable.-->
<property name="hibernate.c3p0.max_statements" value="50"/>
<!--idle time in seconds before a connection is automatically validated. Hibernate default: 0-->
<property name="hibernate.c3p0.idle_test_period" value="300"/>
</properties>
and realm in server.xml looks like :
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
I search on net but couldnot find solution about this. is there any one on brute force attack and if there is than what is the solution of this.
Error log in Catelina.out in is:
Mar 02, 2013 3:28:34 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 02, 2013 3:29:49 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 02, 2013 3:31:04 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 02, 2013 3:37:25 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Mar 02, 2013 3:38:47 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Mar 02, 2013 3:39:58 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Mar 02, 2013 3:46:31 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "coyote"
Mar 02, 2013 3:52:49 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "manager"
Mar 02, 2013 3:59:03 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "administrator"
Mar 02, 2013 4:06:38 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:07:52 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:09:17 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:10:35 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:11:47 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:13:02 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:14:17 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:15:34 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
> Hibernate: select
----------------------------------
javax.persistence.PersistenceException:
org.hibernate.exception.JDBCConnectionException: could not execute query
(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1118)
at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:3321)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1940)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2113)
at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2275)
at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeQuery(NewProxyPreparedStatement.java:116)
at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:186)
at org.hibernate.loader.Loader.getResultSet(Loader.java:1787)
at org.hibernate.loader.Loader.doQuery(Loader.java:674)
at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:236)
at org.hibernate.loader.Loader.doList(Loader.java:2220)
... 39 more
Caused by: java.net.SocketException: Broken pipe
解决方案
The warning above means that you fail to authenticate the user tomcat more than once. Tomcat suspects that it is brute force attack on the user tomcat.
What authentication you use in your application? What login-config you use in web.xml of the application?
The default configuration of resourceName "UserDatabase" is the file conf/tomcat-users.xml. Did you change the configuration of resourceName "UserDatabase"?
You can find the configuration of the resource UserDatabase in the file server.xml:
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
By default all users are commented. To be able to work with users from the XML file you should uncomment. Then, you will be able to login with user tomcat:
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>
Best regards,
Michael
这篇关于如何修复Tomcat的警告:试图对锁定的用户进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
