[英]Tomcat JSP authentication fails
I have a Tomcat 7.0.52 server running. 我正在运行Tomcat 7.0.52服务器。 In it there is a File Browser ( http://www.vonloesch.de/filebrowser.html it's a bit old but it does what I need it to do)
在其中有一个文件浏览器( http://www.vonloesch.de/filebrowser.html它有点旧,但是可以满足我的需要)
However, I want to password protect the browser and not store the password as plain text so I have updated the Realm section as follows: 但是,我想用密码保护浏览器,而不是将密码存储为纯文本,因此我对Realm部分进行了如下更新:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
digest="SHA-1" digestEncoding="UTF-8"
resourceName="UserDatabase"/>
The File Browser was installed in ${CATALINA_HOME}/webapps/Browser/index.jsp 文件浏览器已安装在$ {CATALINA_HOME} /webapps/Browser/index.jsp中
Then I created the file ${CATALINA_HOME}/webapps/Browser/WEB-INF/web.xml as follows: 然后,我创建文件$ {CATALINA_HOME} /webapps/Browser/WEB-INF/web.xml,如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Browser</display-name>
<description>A JSP file manager for Tomcat</description>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>browser</role-name>
</security-role>
<!-- Define a Security Constraint on this Application -->
<!-- NOTE: None of these roles are present in the default users file -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Browser</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>browser</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
And finally, I added the following lines to the section in the ${CATALINA_HOME}/conf/tomcat-users.xml file: 最后,我将以下行添加到$ {CATALINA_HOME} /conf/tomcat-users.xml文件的部分中:
<role rolename="browser"/>
<user username="fadmin" password="...pw hash removed..." roles="browser"/>
The tomcat-users.xml file also contains information for accessing the Tomcat manager page. tomcat-users.xml文件还包含用于访问“ Tomcat管理器”页面的信息。 Also I have checked the web.xml I created against the web.xml of the Tomcat manager and the , and sections look very similar
另外,我还对照Tomcat管理器和的web.xml检查了我创建的web.xml,这些部分看起来非常相似
Now, when I access the Tomcat manager page, I get a username/password box and when I enter the correct credentials I get access to the manager page. 现在,当我访问Tomcat管理器页面时,我得到一个用户名/密码框,当我输入正确的凭据时,就可以访问管理器页面。 However, when I try to access the Browser page, I don't get the username/password box but I immediately get a 403 page with the following content:
但是,当我尝试访问“浏览器”页面时,没有得到用户名/密码框,但我立即获得了一个包含以下内容的403页面:
HTTP Status 403 - Access to the requested resource has been denied
--------------------------------------------------------------------------------
type Status report
message Access to the requested resource has been denied
description Access to the specified resource has been forbidden.
What am I doing wrong? 我究竟做错了什么?
As per request, here is the contents of the tomcat-users.xml file (I did leave out the comments though and removed the password hashes) 根据请求,这是tomcat-users.xml文件的内容(尽管我确实省略了注释并删除了密码哈希)
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="tcadmin" password="...pw hash removed..." roles="tomcat,admin-gui,manager-gui,manager-status"/>
<role rolename="browser"/>
<user username="fadmin" password="...pw hash removed..." roles="browser"/>
</tomcat-users>
And the solution was so simple...... 而且解决方案是如此简单……
Restart Tomcat after changing the tomcat-users.xml 更改tomcat-users.xml后重新启动Tomcat
Now it works as expected. 现在它可以按预期工作了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.