【发布时间】:2020-05-23 09:01:50
【问题描述】:
我正在尝试使用摘要密码运行身份验证。不幸的是,身份验证失败并出现 401 错误。
服务器.xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-512" />
</Realm>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/usersdb?user=root&password=MySQL_Password"
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name">
<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="SHA-512"
iterations="3"
saltLength="8"
/>
</Realm>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
在我的数据库usersdb 中,有一个名为users 的表,其中包含user_name 和user_pass 列。此外,还有一个表user_roles 与user_name 和role_name。
我的用户名为syncuser,其角色为users.sync。
我通过
消化密码digest.bat -a sha-512 -i 3 -s 8 -h org.apache.catalina.realm.MessageDigestCredentialHandler MySyncPassword
MySyncPassword:5800a4431c85d7a2$3$81a3cbfe53c94b128c1a37e5101cc7d5c5c69f4b4d4262113247a6db79bb5f8bcdcf57df8b2e1980d954be4ece50c40d862c866d3c44e2fc02cd6ecebcc4a830
我将整个字符串 5800a4431c85d7a2$3$81a3cbfe53c94b128c1a37e5101cc7d5c5c69f4b4d4262113247a6db79bb5f8bcdcf57df8b2e1980d954be4ece50c40d862c866d3c44e2fc02cd6ecebcc4a830 放入我的 user_pass 列中。
在我项目中 web.xml 的底部,我有
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-constraint>
<display-name>My Magical Project Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>ServerBackend</web-resource-name>
<url-pattern>/SyncServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>users.sync</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>users.sync</role-name>
</security-role>
<security-role>
<role-name>*</role-name>
</security-role>
</web-app>
我已经用 MD5 加密、1 次迭代和 0 盐以简单的方式尝试了这一切。问题依然存在。
【问题讨论】:
-
您是否尝试过将干净的密码放入该列并检查身份验证是否成功?
-
是的。也没有成功。结果发现,JDBC 驱动库丢失了。
标签: java tomcat jdbc hash salt