Tomcat 9: using a non-plaintext password for manager-gui does not work

Time: 2018-11-29 11:35:34

Tags: tomcat

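I am trying to set up a new Tomcat 9.0.11 with manager-gui enabled, using a hashed password for the admin login in tomcat-user.xml. I followed http://www.peter-eichenauer.de/safari/blog/entry/tomcat_9_understanding_credentialhandler

BUT I cannot log in to manager-gui with the real password, only with the hashed password string. So Tomcat is probably using the hashed password as the real password, even though I set

<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256">

in server.xml. So I don't know what to do. Please help!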

Thanks in advance

2 answers:

Answer 0: (score: 0)

For me, it works like this:

server.xml:

...
 <!--
  <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
  -->

  <!-- Use the LockOutRealm to prevent attempts to guess user passwords
       via a brute-force attack -->
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase".  Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm.  -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase">
           <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256"/>
    </Realm>
  </Realm>

And generate the digest with the following commands (on Windows):

#> cd path\to\apache-tomcat\bin
#> digest.bat -a sha-256 myPassword
myPassword:f75445d56beaa5767c5d79530f2251eab6f23704b56a513b68f1d075cb64e252$1$cc7f241d7b62f0653d3ca944988a610c05c635a89f33be93ec534f9e0bef0a72

Then tomcat-users.xml looks like this for me:

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0"> 
  <user
       username="myAdminUser"
       password="f75445d56beaa5767c5d79530f2251eab6f23704b56a513b68f1d075cb64e252$1$cc7f241d7b62f0653d3ca944988a610c05c635a89f33be93ec534f9e0bef0a72"
       roles="manager-gui,manager-script,manager-jmx,manager-script,manager-status"/>

</tomcat-users>

Answer 1: (score: 0)

OK, I found the solution. I made a mistake in server.xml. Instead of:

     <Realm className="org.apache.catalina.realm.LockOutRealm">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase".  Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm.  -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" >
            <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256" />
  </Realm></Realm>

I wrote:

      <Realm className="org.apache.catalina.realm.LockOutRealm">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase".  Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm.  -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" />
            <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-256" />
  </Realm>

A stupid Realm-closing mistake. Thanks, everyone!!!
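
A way to catch the misplacement described in the answer above before deploying, as an added example that is not part of the original posts: it walks the `Realm` elements of a server.xml and reports whether each innermost realm actually contains a `CredentialHandler`, or whether the handler sits on a wrapping realm instead. The function name `audit_realms` and the two sample documents are constructed for illustration, modelled on the two snippets in the answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample: handler nested inside the UserDatabaseRealm (working layout).
NESTED = """<Engine>
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase">
      <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                         algorithm="sha-256"/>
    </Realm>
  </Realm>
</Engine>"""

# Constructed sample: inner Realm self-closed, handler left on the LockOutRealm.
MISPLACED = """<Engine>
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
    <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                       algorithm="sha-256"/>
  </Realm>
</Engine>"""


def audit_realms(server_xml):
    """Return (realm short name, finding) tuples in document order."""
    findings = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        name = realm.get("className", "").rsplit(".", 1)[-1]
        handler = realm.find("CredentialHandler")  # direct children only
        if realm.findall("Realm"):
            # Wrapping realm: a handler here is not a child of the inner realm.
            if handler is not None:
                findings.append((name, "handler-on-wrapper"))
        elif handler is None:
            # Innermost realm with no handler: the symptom in the question,
            # where the stored hash string itself is accepted as the password.
            findings.append((name, "no-handler"))
        else:
            findings.append((name, "handler:" + handler.get("algorithm", "unset")))
    return findings


if __name__ == "__main__":
    for label, doc in (("nested", NESTED), ("misplaced", MISPLACED)):
        print(label, audit_realms(doc))
```
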