问题描述
我正在尝试将MysqL用户表作为领域连接到Tomcat9。用户和角色在2个表中进行管理,如下面的领域配置所示。密码使用MD5哈希值和Base64编码。
不幸的是,我无法使其正常运行。
REALM CONfigURATION:
<!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack -->
<!--<Realm className="org.apache.catalina.realm.LockOutRealm"> -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>-->
<!-- Custom realm for user database -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.MysqL.cj.jdbc.Driver"
connectionURL="jdbc:MysqL://MysqLserver.example.com:3306/database?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&verifyServerCertificate=false&useSSL=true&requireSSL=true&autoReconnect=true"
connectionName="MysqLDB"
connectionPassword="MysqL_PASSWORD"
userTable="myuser" userNameCol="username" userCredCol="password"
userRoleTable="myuser_roles" roleNameCol="role"/>
<CredentialHandler
className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="{MD5}encodedCredential"
iterations="1"
saltLength="0"/>
<!-- </Realm> -->
作品:
当我将密码以纯文本格式保存在数据库中并从配置中删除CrendetialHandler时,它就可以工作。因此,数据库连接/配置似乎是正确的。
不起作用:
将密码保存为散列和编码后,它将不再起作用。我尝试了几种CredentialHandler设置,但总是收到错误消息,例如最新的消息:
WARNING [main] org.apache.tomcat.util.digester.Digester.endElement No rules found matching [Server/Service/Engine/CredentialHandler]
或
WARNING [main] org.apache.catalina.realm.CombinedRealm.setCredentialHandler A CredentialHandler was set on an instance of the CombinedRealm (or a sub-class of CombinedRealm). CombinedRealm doesn't use a configured CredentialHandler. Is this a configuration error?
如您所见,我还尝试注释掉现有的注销领域或将CrendentialHandler放入其中。但是,它仍然无法正常工作。
我该怎么办?
谢谢!
解决方法
您的“ CredentialHandler”位于“领域”之外,这可能是您遇到的问题之一(您在“ roleNameCol”末尾关闭了领域)。我还将代码中的算法简单列为“ MD5”对比您所显示的内容。这可能也是个问题。
我将按如下所示进行修复(我将明确关闭“ CredentialHandler”和“ Realm”以使其更加清晰):
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.mysql.cj.jdbc.Driver"
connectionURL="jdbc:mysql://mysqlserver.example.com:3306/database?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&verifyServerCertificate=false&useSSL=true&requireSSL=true&autoReconnect=true"
connectionName="MYSQLDB"
connectionPassword="MYSQL_PASSWORD"
userTable="myuser" userNameCol="username" userCredCol="password"
userRoleTable="myuser_roles" roleNameCol="role">
<CredentialHandler
className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="{MD5}encodedCredential"
iterations="1"
saltLength="0">
</CredentialHandler>
</Realm>