我正在尝试使用摘要密码运行身份验证。不幸的是,身份验证失败并出现 401 错误。
服务器.xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-512" />
</Realm>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/usersdb?user=root&password=MySQL_Password"
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="SHA-512"
iterations="3"
saltLength="8"
/>
</Realm>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
在我的数据库usersdb中,有一个名为users的表,其中列user_name和user_pass。此外,还有一个桌子user_roles,上面有user_name和role_name。
我的用户称为syncuser,其角色users.sync。
我消化密码
digest.bat -a sha-512 -i 3 -s 8 -h org.apache.catalina.realm.MessageDigestCredentialHandler MySyncPassword
MySyncPassword:5800a4431c85d7a2$3$81a3cbfe53c94b128c1a37e5101cc7d5c5c69f4b4d4262113247a6db79bb5f8bcdcf57df8b2e1980d954be4ece50c40d862c866d3c44e2fc02cd6ecebcc4a830
我将整个字符串5800a4431c85d7a2$3$81a3cbfe53c94b128c1a37e5101cc7d5c5c69f4b4d4262113247a6db79bb5f8bcdcf57df8b2e1980d954be4ece50c40d862c866d3c44e2fc02cd6ecebcc4a830放入我的user_pass列中。
在网络底部.xml在我的项目中,我有
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-constraint>
<display-name>My Magical Project Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>ServerBackend</web-resource-name>
<url-pattern>/SyncServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>users.sync</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>users.sync</role-name>
</security-role>
<security-role>
<role-name>*</role-name>
</security-role>
</web-app>
我已经通过MD5加密,1次迭代和0次盐以简单的方式尝试了所有这些。问题仍然存在。
事实证明,我的tomcat服务器上缺少JDBC驱动程序库。ClassNotFoundException 未显示在服务器控制台中。
此外,我将Realm标签中的connectionURL从connectionURL="jdbc:mysql://localhost:3306/usersdb?user=root&password=MySQL_Password"更改为
connectionURL="jdbc:mysql://localhost:3306/usersdb"
connectionName="root"
connectionPassword="MySQL_Password"