时间戳

首页 > 解决方案 > Tomcat 8.5 JDBC Realm 与摘要加盐密码:身份验证失败

java - Tomcat 8.5 JDBC Realm 与摘要加盐密码:身份验证失败

问题描述

我正在尝试使用摘要密码运行身份验证。不幸的是,身份验证失败并出现 401 错误。

服务器.xml

<?xml version="1.0" encoding="UTF-8"?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
            <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-512" />
        </Realm>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

            <Realm className="org.apache.catalina.realm.JDBCRealm" 
                driverName="com.mysql.jdbc.Driver"
                connectionURL="jdbc:mysql://localhost:3306/usersdb?user=root&amp;password=MySQL_Password"
                userTable="users"
                userNameCol="user_name" 
                userCredCol="user_pass"
                userRoleTable="user_roles" 
                roleNameCol="role_name">

                <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                    algorithm="SHA-512"
                    iterations="3"
                    saltLength="8"
                />
            </Realm>

        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

在我的数据库usersdb中,有一个名为 的表,其中包含和users列。此外,还有一个带有和的表。user_nameuser_passuser_rolesuser_namerole_name

我的用户被调用syncuser,它具有角色users.sync

我消化密码

digest.bat -a sha-512 -i 3 -s 8 -h org.apache.catalina.realm.MessageDigestCredentialHandler MySyncPassword
MySyncPassword:5800a4431c85d7a2$3$81a3cbfe53c94b128c1a37e5101cc7d5c5c69f4b4d4262113247a6db79bb5f8bcdcf57df8b2e1980d954be4ece50c40d862c866d3c44e2fc02cd6ecebcc4a830

我将整个字符串5800a4431c85d7a2$3$81a3cbfe53c94b128c1a37e5101cc7d5c5c69f4b4d4262113247a6db79bb5f8bcdcf57df8b2e1980d954be4ece50c40d862c866d3c44e2fc02cd6ecebcc4a830放入我的user_pass专栏。

在我项目中 web.xml 的底部,我有

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-constraint>
    <display-name>My Magical Project Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>ServerBackend</web-resource-name>
      <url-pattern>/SyncServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>users.sync</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>users.sync</role-name>
  </security-role>
  <security-role>
    <role-name>*</role-name>
  </security-role>
</web-app>

我已经用 MD5 加密、1 次迭代和 0 盐以简单的方式尝试了这一切。问题仍然存在。

标签: javatomcatjdbchashsalt

解决方案

原来,我的 Tomcat 服务器上缺少 JDBC 驱动程序库。ClassNotFoundException 未显示在服务器控制台中。

此外,我将connectionURL标签中的Realm从更改connectionURL="jdbc:mysql://localhost:3306/usersdb?user=root&amp;password=MySQL_Password"

connectionURL="jdbc:mysql://localhost:3306/usersdb"
connectionName="root"
connectionPassword="MySQL_Password"

推荐阅读