Exception when using JDBCRealm

Time: 2017-06-21 05:08:04

Tags: java tomcat servlets java-ee

How do I debug a javax.servlet.ServletException thrown by the request.login() method?

Login.java

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    PrintWriter out = response.getWriter();
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    try {       
        request.login(username, password); // Exceptions happen.
        out.println("logged in");
    } catch (Exception e) {
        e.printStackTrace();
    }
}

tomcat server.xml

  <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>


<!-- added by myself -->
    <Context>
      <Realm className="org.apache.catalina.realm.JDBCRealm" 
          connectionName="root" 
          connectionPassword="password" 
          connectionURL="jdbc:mysql://localhost/forum?autoReconnectForPools=true&amp;characterEncoding=UTF-8" 
          digest="MD5" 
          driverName="com.mysql.jdbc.Driver" 
          roleNameCol="role_name" 
          userCredCol="user_pass"
          userNameCol="user_name"
          userRoleTable="user_roles"
          userTable="users" />
     </Context>

Exception:

  

javax.servlet.ServletException: Login failed
    at org.apache.catalina.authenticator.AuthenticatorBase.doLogin(AuthenticatorBase.java:963)
    at org.apache.catalina.authenticator.AuthenticatorBase.login(AuthenticatorBase.java:943)
    at org.apache.catalina.connector.Request.login(Request.java:2768)
    at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1064)
    at com.example.Login.doPost(Login.java:55)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

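1 answer:

Answer 0 (score: 1)

You are getting Login fail because the method you used to create the hashed password in the database is different from the one used by the Tomcat JDBCRealm.

Instead of using the MySQL MD5 function, you should generate the hashed password with the digest utility that Tomcat provides (in the bin directory of the Tomcat installation).

For example (with the password "1"):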

[steve@Steves-MacBook-Pro apache-tomcat-8.0.18]$ bin/digest.sh -s 0 -a MD5 1
1:$1$c4ca4238a0b923820dcc509a6f75849b

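I expect this result ($1$c4ca4238a0...) to be different from what you observe in your database table.

Also, according to the Tomcat 8 Realm Configuration HOW-TO, you should digest the value {username}:{realm}:{cleartext-password} rather than {cleartext-password}, and store that in the database. The {realm} value comes from the <realm-name> in the web.xml file.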
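A way to check which form a stored user_pass value actually has, as an added example that is not part of the original question or answer: it compares the column value against the cleartext password, its MD5, the `$1$`-prefixed form printed by the digest tool above, and the MD5 of {username}:{realm}:{cleartext-password}. The class name, the user "alice", the realm "ForumRealm", the stored sample values and the UTF-8 encoding are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class RealmDigestCheck {
    // Lowercase hex MD5 of the input's UTF-8 bytes (the encoding is an assumption).
    static String md5Hex(String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(input.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Returns the label of the form the stored column value matches, or "no match".
    static String classify(String stored, String user, String realm, String password)
            throws NoSuchAlgorithmException {
        Map<String, String> candidates = new LinkedHashMap<>();
        candidates.put("cleartext password", password);
        candidates.put("MD5({cleartext-password})", md5Hex(password));
        candidates.put("digest tool output form ($1$ + MD5)", "$1$" + md5Hex(password));
        candidates.put("MD5({username}:{realm}:{cleartext-password})",
                md5Hex(user + ":" + realm + ":" + password));
        String value = stored.trim(); // CHAR columns may pad values with spaces
        for (Map.Entry<String, String> c : candidates.entrySet()) {
            boolean same = c.getKey().startsWith("cleartext")
                    ? c.getValue().equals(value)            // passwords are case-sensitive
                    : c.getValue().equalsIgnoreCase(value); // hex case does not matter
            if (same) return c.getKey();
        }
        return "no match";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; replace them with the row from your users table.
        String user = "alice", realm = "ForumRealm", password = "1";
        String[] storedSamples = {
            "C4CA4238A0B923820DCC509A6F75849B ",
            "$1$c4ca4238a0b923820dcc509a6f75849b",
            md5Hex(user + ":" + realm + ":" + password),
            "not-a-digest"
        };
        for (String stored : storedSamples) {
            System.out.println(stored.trim() + " -> " + classify(stored, user, realm, password));
        }
    }
}
```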