Tomcat Digest with Manager WebApp

大兔子大兔子 提交于 2019-12-04 14:06:59

问题


I'm trying to get a digest password setup for the tomcat manager application.

I've got

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase" digest="MD5"/>

in my tomcat server.xml changed the manager web application's web.xml to use digest and changed the realm name to TESTING:

<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>TESTING</realm-name>
  </login-config>

I then used the included bat file to generate the md5 hash:

C:\tomcat6\bin>digest.bat -a MD5 tomcat:TESTING:testor
tomcat:TESTING:testor:1926e50988667dbd5deda9df02b82f28

I then have a user in tomcat-users.xml with that digested hash as a password:

<!-- testor -->
  <user username="tomcat" password="1926e50988667dbd5deda9df02b82f28" roles="manager"/>

I've also modifed the 401.jsp page to use digest and TESTING as the realm name.

I start up the web app, go to http://localhost:8080/manager/html and am prompted with the standard form. Typing in tomcat as the user, and testor as the password, I hit enter only to get a 401. I of course try again and again get a 401.

I'll probably go with BASIC authentication over SSL in the end since ant can't do digest, as far as I know.

But is there anyway to do this?


回答1:


I tried out KiaMorot's answer with Tomcat 8.0.32, but it did not work. It did work when I added the option "-s 0" (salt lenth zero) when generating the digested password:

sudo /opt/apache-tomcat-8.0.32/bin/digest.sh -s 0 -a MD5 'developer:UserDatabase:my clear text password'

In this citation of my command I omitted my clear text password and replaced it with the string "my clear text password". Please keep the single quotes, otherwise the shell will interpret special characters in your password.

You can check whether omitting the -s option is your problem as follows. If I do the digest.sh command multiple times without the -s option, I get different results although the command-line of each repetition is the same.




回答2:


The following works for me:

digest.sh -a MD5 tomcat:UserDatabase:testor



回答3:


I believe you are missing the lines in server.xml where you define the name of your resource.

 <Resource
    auth="Container"
    description="User database that can be updated and saved"
    factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
    name="UserDatabase"  #<--------------NOTE
    pathname="conf/tomcat-users.xml"
    type="org.apache.catalina.UserDatabase"/>

The value of attribute name from <Resource> definition has to match with the value of attribute resourceName from your <Realm> definition, e.g.

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
   resourceName="UserDatabase"  #<------------NOTE
   digest="MD5"/>

This has to match with <realm-name> configuration in web.xml, e.g.

<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>UserDatabase</realm-name> #<------------NOTE
</login-config>

And do not forget to generate your password as follows:

C:\tomcat6\bin>digest.bat -a MD5 tomcat:UserDatabase:testor

If all this is fulfilled your setup should work flawlessly as it does in my case.

Note that for tomcat7 and tomcat8 MD5 as digest algorithm is a must.




回答4:


Everything is fine. but what path are you using to update web.xml? It should be /webapps/manager/WEB-INF/web.xml here change the loginconfig.

And make sure what version you are using cause 8.0.26 is not a stable version to generate md5 password.




回答5:


1) Generate password: /bin>digest.bat -s 0 -a sha-256

Example: /bin>digest.bat -s 0 -a sha-256 admin

Password to use is: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

*Important note: You must use “-s 0 “(salt 0) or it won’t work.

2) paste password above into your tomcat-users.xml file.

Example:

<!-- for password “admin” -->
<user username="tomcat" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" roles="manager-gui,manager,admin"></user>

3) configure server.xml to use SHA-256 digest hashed based passwords:

4) configure your web.xml to use “DIGEST” passwords and update RealmName to match above (in the HTMLManager section)

 <catalina_home>/webapps/manager\WEB-INF\web.xml

    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>UserDatabase</realm-name> 
    </login-config>

Full context:
  <servlet>
    <servlet-name>HTMLManager</servlet-name>
    <servlet-class>org.apache.catalina.manager.HTMLManagerServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>2</param-value>
    </init-param>

… SNIPPED_FOR_BREVITY ...   

    <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>UserDatabase</realm-name>
  </login-config>

    <multipart-config>
      <!-- 50MB max -->
      <max-file-size>52428800</max-file-size>
      <max-request-size>52428800</max-request-size>
      <file-size-threshold>0</file-size-threshold>
    </multipart-config>
  </servlet>


来源:https://stackoverflow.com/questions/2978884/tomcat-digest-with-manager-webapp

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!