How do I use hashed passwords with BASIC authentication in tomcat6?

Posted on 2024-11-14 21:51:09

I want to use hashed passwords in tomcat-users.xml with BASIC authentication. I added digest="SHA" to the realm definition. The UserDatabase part is defined like this in $TOMCAT_HOME/conf/server.xml:

<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
...
<Engine>
...
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             digest="SHA"
             resourceName="UserDatabase" />  
...
</Engine>

But after a restart, Tomcat still treats all passwords defined in $TOMCAT_HOME/conf/tomcat-users.xml as plain-text ones.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<user username="guest" password="e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4" roles="role1" />
</tomcat-users>

I.e. I can log in with username/password guest/e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4, but not with guest/secret as it should be.

Please point out what I'm doing wrong.

Comments (1)

万人眼中万个我 2024-11-21 21:51:09

Your solution should work up to Tomcat 7, but starting from Tomcat 8 you have to specify the CredentialHandler section inside Realm as shown below:

Tomcat 6...7:

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             digest="sha"
             resourceName="UserDatabase" />  

Tomcat 8:

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase">
           <CredentialHandler
              className="org.apache.catalina.realm.MessageDigestCredentialHandler"     
              algorithm="sha" />
      </Realm>

NB: For more secure hashing, like PBKDF2WithHmacSHA512, see this answer.
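
Added example (not part of the original answer and not Tomcat's own code): a simplified Python model of the credential comparison, showing why the question's symptom appears when the digest setting is not in effect, plus a check that flags plain-text entries in tomcat-users.xml. It assumes unsalted hex digests only; the user `alice` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: the question's tomcat-users.xml plus one plain-text
# entry (user "alice" is made up for contrast).
USERS_XML = b"""<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<user username="guest" password="e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4" roles="role1" />
<user username="alice" password="secret" roles="role1" />
</tomcat-users>"""

HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # unsalted hex digest sizes


def load_users(xml_bytes):
    """Return {username: stored password attribute}."""
    root = ET.fromstring(xml_bytes)
    return {u.get("username"): u.get("password") for u in root.iter("user")}


def matches(stored, submitted, digest=None):
    """Simplified model of the realm check (assumption: unsalted hex only).

    digest=None -> stored value is compared as plain text.
    digest set  -> submitted password is hashed, then compared.
    """
    if digest is None:
        return hmac.compare_digest(stored.encode(), submitted.encode())
    hashed = hashlib.new(digest, submitted.encode("utf-8")).hexdigest()
    return hmac.compare_digest(stored.lower().encode(), hashed.encode())


def classify(stored):
    """Guess the stored form: an unsalted hex digest or plain text."""
    is_hex = all(c in "0123456789abcdefABCDEF" for c in stored)
    return HEX_LENGTHS.get(len(stored), "plaintext") if is_hex else "plaintext"


def audit(xml_bytes):
    """Map each user to the guessed storage form of its password."""
    return {name: classify(pw) for name, pw in load_users(xml_bytes).items()}


if __name__ == "__main__":
    guest = load_users(USERS_XML)["guest"]
    print("digest ignored, guest/secret:", matches(guest, "secret"))
    print("digest applied, guest/secret:", matches(guest, "secret", "sha1"))
    print(audit(USERS_XML))
```

If a 40-character hex value is accepted as the literal password, as in the question, the realm is running the `digest=None` branch of this model.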
