Question

我正在使用Tomcat 7 for Spring和JPA Application，数据库MySQL。一切都工作正常。但有时realm.LockOutRealm验证问题将出现。我还在我的应用程序中使用了连接池，如：

的persistence.xml：

<properties>
      <property name="hibernate.connection.username" value="---"/>
      <property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver"/>
      <property name="hibernate.connection.password" value="----------"/>
      <property name="hibernate.connection.url" value="jdbc:mysql://----------?autoReconnect=true"/>
      <!--Connection Pooling c3p0 configuration-->
      <!--Minimum number of JDBC connections in the pool. Hibernate default: 1-->
      <property name="hibernate.c3p0.min_size" value="5"/>
      <!--Maximum number of JDBC connections in the pool. Hibernate default: 100-->
      <property name="hibernate.c3p0.max_size" value="20"/>
      <!--When an idle connection is removed from the pool (in second). Hibernate default: 0, never expire.-->
      <property name="hibernate.c3p0.timeout" value="300"/>
      <!--Number of prepared statements will be cached. Increase performance. Hibernate default: 0 , caching is disable.-->
      <property name="hibernate.c3p0.max_statements" value="50"/>
      <!--idle time in seconds before a connection is automatically validated. Hibernate default: 0-->
      <property name="hibernate.c3p0.idle_test_period" value="300"/>
</properties>

和server.xml中的领域如下所示：

<!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

我在网上搜索但无法找到解决方案。是否有任何一个关于暴力攻击，如果有什么解决方案。

Catelina.out中的错误登录是：

Mar 02, 2013 3:28:34 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 02, 2013 3:29:49 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 02, 2013 3:31:04 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 02, 2013 3:37:25 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Mar 02, 2013 3:38:47 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Mar 02, 2013 3:39:58 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Mar 02, 2013 3:46:31 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "coyote"
Mar 02, 2013 3:52:49 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "manager"
Mar 02, 2013 3:59:03 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "administrator"
Mar 02, 2013 4:06:38 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:07:52 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:09:17 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:10:35 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:11:47 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:13:02 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:14:17 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Mar 02, 2013 4:15:34 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"

> Hibernate: select

---------------------------------- 
javax.persistence.PersistenceException: 
org.hibernate.exception.JDBCConnectionException: could not execute query

(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
    at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1118)
    at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:3321)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1940)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
    at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2113)
    at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2275)
    at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeQuery(NewProxyPreparedStatement.java:116)
    at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:186)
    at org.hibernate.loader.Loader.getResultSet(Loader.java:1787)
    at org.hibernate.loader.Loader.doQuery(Loader.java:674)
    at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:236)
    at org.hibernate.loader.Loader.doList(Loader.java:2220)
    ... 39 more
Caused by: java.net.SocketException: Broken pipe

Answer 1

上面的警告意味着您无法多次对用户tomcat进行身份验证。 Tomcat怀疑这是对用户tomcat的暴力攻击。

您在申请中使用了哪些身份验证？你在应用程序的web.xml中使用了什么login-config？

resourceName“UserDatabase”的默认配置是文件conf / tomcat-users.xml。您是否更改了resourceName“UserDatabase”的配置？

您可以在文件server.xml中找到资源UserDatabase的配置：

<Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />

默认情况下，所有用户都会被评论。为了能够从XML文件中使用用户，您应该取消注释。然后，您将能够使用用户tomcat登录：

<tomcat-users>
  <role rolename="tomcat"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>

致以最诚挚的问候，

迈克尔

Answer 2

_{（对此页面的16k访客：}

由于这是SO，我假设读者开发者。）

此错误表示您的脚本/用户尝试使用不正确的用户/通行证登录。修复此问题很简单，只需将正确的用户/密码对添加到文件ApacheTomcat\conf\tomcat-users.xml并重新启动服务器。

同时确保正确设置角色。例如。如果您要向localhost:8080/manager发送基本HTTP身份验证请求，则您需要manager-gui角色：

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="foobar" password="foobar" roles="tomcat,role1, manager-gui "/>
</tomcat-users>

如何修复Tomcat警告：尝试对锁定的用户进行身份验证？

2 个答案: