How do I use Digest authentication in Tomcat 8.5?

Time: 2016-10-10 21:49:41

Tags: tomcat

I am trying to use the manager application that ships with Tomcat 8.5. However, every time I try to log in as user "admin" with password "test", it does not work. If I paste in the exact MD5 hash obtained from digest.bat, I can log in.

Has anyone managed to get this working?

server.xml

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" digest="md5" />
              <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" />
        </Realm>

Tomcat's tomcat-users.xml

<?xml version='1.0' encoding='cp1252'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">

<user username="admin" password="41858d1250c84a1bfb882bcb02b85ba8" roles="admin-gui,manager-gui" />
<user username="test" password="test" roles="manager-gui,admin-gui" />
</tomcat-users>

Excerpt from the Tomcat manager webapp's web.xml

  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>TEST</realm-name>
    <!--<realm-name>Tomcat Manager Application</realm-name>-->
  </login-config>

digest.bat output

.\digest.bat -a MD5 -s 0 admin:TEST:test
admin:TEST:test:41858d1250c84a1bfb882bcb02b85ba8

4 answers:

Answer 0 (score: 10)

The password digest process has changed in Tomcat version 8.5; it differs from how it worked in earlier versions of Tomcat.

Below is the Tomcat password digest process for Tomcat 8.5.x (the algorithms we use are SHA-256 and SHA-512):

1. Change in $CATALINA_BASE/conf/server.xml file:
    a. From 
         <Realm className="org.apache.catalina.realm.LockOutRealm">
                <!-- This Realm uses the UserDatabase configured in the global JNDI
                     resources under the key "UserDatabase".  Any edits
                     that are performed against this UserDatabase are immediately
                     available for use by the Realm.  -->
                <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                        resourceName="UserDatabase"/>
             </Realm>
    b. To
         <Realm className="org.apache.catalina.realm.LockOutRealm">
                <!-- This Realm uses the UserDatabase configured in the global JNDI
                     resources under the key "UserDatabase".  Any edits
                     that are performed against this UserDatabase are immediately
                     available for use by the Realm.  -->
                <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                        resourceName="UserDatabase">
                                <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-512" />
                </Realm>
             </Realm>
2. Create digest password:
    a. Go to location $CATALINA_BASE/bin/ and run digest.sh
        i. For sha-256: 
        [root@aa22 bin]# ./digest.sh -a sha-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler xxxxxxxx
        xxxxxxxx:5327b745a19144e34ca40128219ab660b09ff9cf866222c1850a5e7a716db669$1$b4b734709246d25373a730cad709151db47920f79e1a1d65f6772d1307216f1b

        ii. For sha-512:
        [root@aa12 bin]# ./digest.sh -a sha-512 -h org.apache.catalina.realm.MessageDigestCredentialHandler xxxxxxxx
        xxxxxxxx:d92d95ae2fab83ca1eafae3b900ae9ab2115eac644935fb35a5973c3032dbcc7$1$c1f8e55b0beb771198ab46a69e1559ae145f172226d6f11ee91d67fde361717ca7498f48e486e4267e810b64e0a9096b16311ddc85b746c0019088462975bc9f

3. Now copy digested password to $CATALINA_BASE/conf/tomcat-users.xml
    a. Replace the plain text password with this digested password and restart Tomcat. Make sure you are using the same algorithm name in server.xml that you used to digest the plain text password.
4. End

Answer 1 (score: 3)

It worked fine for me, except that the CredentialHandler has to go inside the Realm:

<Realm className="org.apache.catalina.realm.LockOutRealm">
   <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
      <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" />
   </Realm>
</Realm>

Answer 2 (score: 2)

Here is how you do it in 4 simple steps. Some of the suggestions above are missing steps (such as step #4). Also, -s 0 (salt 0) works fine when generating the hash.

1) Generate the password: /bin>digest.bat -s 0 -a sha-256

Example: /bin>digest.bat -s 0 -a sha-256 admin

The password to use is: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

*Important: you must use "-s 0" (salt 0), otherwise it will not work.

2) Paste the password into the tomcat-users.xml file.

Example:

<!-- for password "admin" -->
<user username="tomcat" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" roles="manager-gui,manager,admin"></user>

3) Configure server.xml to use SHA-256 digest (hash-based) passwords:

<Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
        <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-256" /> 
    </Realm>
</Realm>

4) Configure your web.xml to use "DIGEST" authentication and update the realm-name to match the above (in the HTMLManager section):

 <catalina_home>/webapps/manager/WEB-INF/web.xml

    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>UserDatabase</realm-name> 
    </login-config>

Full context:
  <servlet>
    <servlet-name>HTMLManager</servlet-name>
    <servlet-class>org.apache.catalina.manager.HTMLManagerServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>2</param-value>
    </init-param>

… SNIPPED_FOR_BREVITY ...   

    <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>UserDatabase</realm-name>
    </login-config>

    <multipart-config>
      <!-- 50MB max -->
      <max-file-size>52428800</max-file-size>
      <max-request-size>52428800</max-request-size>
      <file-size-threshold>0</file-size-threshold>
    </multipart-config>
  </servlet>
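The two answers above (answer 0 and answer 2) both rely on the value formats that digest.sh / digest.bat print for MessageDigestCredentialHandler. The following is an added example, not Tomcat's own code: it reproduces those formats, as I read them from the output shown above, so an entry meant for tomcat-users.xml can be checked offline before a restart. Assumptions: with "-s 0" the stored value is a bare hex digest; otherwise it is "<hex salt>$<iterations>$<hex digest>", where the digest covers the raw salt bytes followed by the UTF-8 password; only iterations == 1 is handled.

```python
import hashlib
import hmac
import os

# Added example (not Tomcat's own code): reproduces the value formats that
# digest.sh / digest.bat print for MessageDigestCredentialHandler, so an entry
# destined for tomcat-users.xml can be checked offline before a restart.
# Assumed from the answers' output: with "-s 0" the value is a bare hex digest;
# otherwise it is "<hex salt>$<iterations>$<hex digest>", the digest covering
# the raw salt bytes followed by the UTF-8 password. Only iterations == 1 is
# handled; the default salt length of 32 bytes matches the 64-hex-char salts above.


def _digest(algorithm: str, salt: bytes, password: str) -> str:
    """Hex digest of salt || password; "sha-256", "SHA-512" and "MD5" are accepted."""
    h = hashlib.new(algorithm.lower().replace("-", ""))
    h.update(salt)
    h.update(password.encode("utf-8"))
    return h.hexdigest()


def tomcat_digest(password: str, algorithm: str = "sha-256", salt_len: int = 32) -> str:
    """Value to paste into tomcat-users.xml; salt_len=0 mimics 'digest -s 0'."""
    if salt_len == 0:
        return _digest(algorithm, b"", password)
    salt = os.urandom(salt_len)
    return f"{salt.hex()}$1${_digest(algorithm, salt, password)}"


def tomcat_verify(stored: str, password: str, algorithm: str = "sha-256") -> bool:
    """Check a plain-text password against a stored entry of either form."""
    parts = stored.split("$")
    if len(parts) == 1:  # unsalted form produced with -s 0
        return hmac.compare_digest(stored.lower(), _digest(algorithm, b"", password))
    if len(parts) != 3 or parts[1] != "1":  # malformed, or iterations not handled here
        return False
    try:
        salt = bytes.fromhex(parts[0])
    except ValueError:
        return False
    return hmac.compare_digest(parts[2].lower(), _digest(algorithm, salt, password))


if __name__ == "__main__":
    # Matches answer 2: SHA-256 of "admin" with no salt.
    print(tomcat_digest("admin", "sha-256", salt_len=0))
    entry = tomcat_digest("xxxxxxxx", "sha-512")
    print(entry, tomcat_verify(entry, "xxxxxxxx", "sha-512"))
```

If tomcat_verify returns False for an entry you pasted, the algorithm attribute in server.xml and the -a value used with digest.bat do not agree, which is the mismatch answer 0's step 3 warns about.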

Answer 3 (score: 0)

I don't think it is easy to choose the algorithm if you use DIGEST (at least I failed...). According to the docs, https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords: "If using digested passwords with DIGEST authentication, the plain text used to generate the digest is different and the digest must use one iteration of the MD5 algorithm with no salt." That sounds to me like you have to use MD5 at least once. Getting rid of MD5 is much easier with something like form-based authentication.
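The constraint quoted in this answer, and the question's own "digest.bat -a MD5 -s 0 admin:TEST:test", come from how HTTP Digest authentication works: the server needs HA1 = MD5(username:realm:password), so that is what the realm must store, and the realm string baked into it must equal the <realm-name> the manager app sends in its challenge. The following is an added example, not code from the question or from Tomcat; it models both sides with the RFC 2617 qop=auth formula, and the nonce, nc and cnonce values are constructed for the demonstration.

```python
import hashlib
import hmac

# Added example (not from the question or from Tomcat): shows why, for HTTP
# DIGEST authentication, the realm must hold MD5(username:realm:password) with
# no salt (what "digest.bat -a MD5 -s 0 admin:TEST:test" prints) and why the
# <realm-name> in web.xml must equal the realm used when the value was created.
# The response formula follows RFC 2617 with qop=auth; the nonce, cnonce and
# nc values used below are constructed for the demonstration.


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """The stored credential: the only thing the server needs to verify a client."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex: str, method: str, uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2), with HA2 = MD5(method:uri)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def client_login(username: str, password: str, challenge_realm: str,
                 method: str, uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """Client side: HA1 is derived from the realm in the WWW-Authenticate challenge."""
    return digest_response(ha1(username, challenge_realm, password), method, uri, nonce, nc, cnonce)


def server_accepts(stored_ha1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str,
                   client_response: str) -> bool:
    """Server side: recompute from the stored HA1 and compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, client_response)


if __name__ == "__main__":
    NONCE, NC, CNONCE = "constructed-nonce", "00000001", "constructed-cnonce"
    stored = ha1("admin", "TEST", "test")  # value tomcat-users.xml holds for realm TEST
    ok = client_login("admin", "test", "TEST", "GET", "/manager/html", NONCE, NC, CNONCE)
    other = client_login("admin", "test", "Tomcat Manager Application", "GET", "/manager/html", NONCE, NC, CNONCE)
    print(server_accepts(stored, "GET", "/manager/html", NONCE, NC, CNONCE, ok))     # True
    print(server_accepts(stored, "GET", "/manager/html", NONCE, NC, CNONCE, other))  # False
```

The second call fails even though the password is right, which is the symptom of a <realm-name> that does not match the realm used with digest.bat.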
