我需要为Springboot应用程序实现HTTP摘要认证。我尝试通过Tomcat设置(How to use digest authentication in Tomcat 8.5?来配置它,因为Springboot不会生成任何web.xml,因此我无法配置它。请问有人可以提供建议吗,因为还有其他选择吗?
遵循的步骤
1.generated sha -256 password
digest.bat -s 0 -a sha-256 tomcat
2. updated tomcat user file
<role rolename="admin-gui"/>
<user username="tomcat" password="ce066452368a3498047a43323cff46a00222945691d728747a2283273506a0a7"
roles="manager-gui,manager,admin"></user>
3. updated tomcat conf/server.xml
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-256" />
</Realm>
</Realm>
4. updated tomcat conf/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>MySecureResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin-gui</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin-gui</role-name>
</security-role>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>UserDatabase</realm-name>
</login-config>