堆栈内存溢出
  简体   繁体   English

如何禁用或删除 Tomcat 身份验证 (Realm)

[英]How to disable or remove Tomcat authentication (Realm)

 原文  2016-04-17 15:32:09       java/ spring/ tomcat/ spring-security/ web.xml

问题描述

I deployed my Spring application on my server for the first time via the Tomcat manager.我第一次通过 Tomcat 管理器在我的服务器上部署了我的 Spring 应用程序。

The application starts correctly, there are nothing in error in logs.应用程序正确启动,日志中没有任何错误。

But when I try to access my application via the URL ( http://www.myWebApp.com/webapp ), a Tomcat authentication box always appears, with the message:但是当我尝试通过 URL ( http://www.myWebApp.com/webapp ) 访问我的应用程序时,总是会出现一个 Tomcat 身份验证框,并显示以下消息:

"The http://www.myWebApp.com site requires a user name and password. The site says: Realm". http://www.myWebApp.com站点需要用户名和密码。站点显示:Realm”。

Note there is a first Apache authentication, that I can validate with my username and my password without any problem.请注意,有第一个 Apache 身份验证,我可以使用我的用户名和密码进行验证,没有任何问题。 The Tomcat authentication box is display after validate the first Apache authentication box.验证第一个 Apache 身份验证框后,将显示 Tomcat 身份验证框。

I have not yet set, and the "web.xml" file of my application is however relatively simple.我还没有设置,但是我的应用程序的“web.xml”文件相对简单。 I use Spring Based Configuration to simplify the dev.我使用基于 Spring 的配置来简化开发。

web.xml:网页.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="true" version="3.0">
  <filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>/static/*</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>403Jsp</servlet-name>
    <jsp-file>/403.jsp</jsp-file>
  </servlet>
  <servlet-mapping>
    <servlet-name>403Jsp</servlet-name>
    <url-pattern>/403</url-pattern>
  </servlet-mapping>
  <error-page>
    <error-code>403</error-code>
    <location>/403</location>
  </error-page>
</web-app>

catalina.2016-04-17.log: catalina.2016-04-17.log:

17-Apr-2016 19:13:21.092 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [/usr/share/tomcat8/common/classes], exists: [false], isDirectory: [false], canRead: [false]
17-Apr-2016 19:13:21.108 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [/usr/share/tomcat8/common], exists: [false], isDirectory: [false], canRead: [false]
17-Apr-2016 19:13:21.113 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [/usr/share/tomcat8/server/classes], exists: [false], isDirectory: [false], canRead: [false]
17-Apr-2016 19:13:21.114 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [/usr/share/tomcat8/server], exists: [false], isDirectory: [false], canRead: [false]
17-Apr-2016 19:13:21.117 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [/usr/share/tomcat8/shared/classes], exists: [false], isDirectory: [false], canRead: [false]
17-Apr-2016 19:13:21.119 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [/usr/share/tomcat8/shared], exists: [false], isDirectory: [false], canRead: [false]
17-Apr-2016 19:13:21.280 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.0.14 (Debian)
17-Apr-2016 19:13:21.282 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:   Dec 18 2015 02:43:21
17-Apr-2016 19:13:21.284 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:  8.0.14.0
17-Apr-2016 19:13:21.286 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:        Linux
17-Apr-2016 19:13:21.290 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:     3.16.0-4-amd64
17-Apr-2016 19:13:21.291 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:   amd64
17-Apr-2016 19:13:21.291 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:    1.8.0_72-internal-b15
17-Apr-2016 19:13:21.292 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:     Oracle Corporation
17-Apr-2016 19:13:22.093 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
17-Apr-2016 19:13:22.124 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
17-Apr-2016 19:13:22.132 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
17-Apr-2016 19:13:22.140 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
17-Apr-2016 19:13:22.149 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 983 ms
17-Apr-2016 19:13:22.197 INFO [main] org.apache.catalina.core.StandardService.startInternal Démarrage du service Catalina
17-Apr-2016 19:13:22.200 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.14 (Debian)
17-Apr-2016 19:13:22.244 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Déploiement du descripteur de configuration /etc/tomcat8/Catalina/localhost/manager.xml
17-Apr-2016 19:13:23.360 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
17-Apr-2016 19:13:23.487 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor /etc/tomcat8/Catalina/localhost/manager.xml has finished in 1 242 ms
17-Apr-2016 19:13:23.489 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Déploiement du descripteur de configuration /etc/tomcat8/Catalina/localhost/host-manager.xml
17-Apr-2016 19:13:23.990 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
17-Apr-2016 19:13:23.999 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor /etc/tomcat8/Catalina/localhost/host-manager.xml has finished in 510 ms
17-Apr-2016 19:13:24.000 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Déploiement de l'archive /var/lib/tomcat8/webapps/webapp.war de l'application web
17-Apr-2016 19:13:44.278 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive /var/lib/tomcat8/webapps/webapp.war has finished in 20 278 ms
17-Apr-2016 19:13:44.279 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Déploiement du répertoire /var/lib/tomcat8/webapps/ROOT de l'application web
17-Apr-2016 19:13:44.772 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
17-Apr-2016 19:13:44.775 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /var/lib/tomcat8/webapps/ROOT has finished in 496 ms
17-Apr-2016 19:13:44.785 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
17-Apr-2016 19:13:44.800 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
17-Apr-2016 19:13:44.801 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 22651 ms

catalina.out: catalina.out:

avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
AVERTISSEMENT: Problem with directory [/usr/share/tomcat8/common/classes], exists: [false], isDirectory: [false], canRead: [false]
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
AVERTISSEMENT: Problem with directory [/usr/share/tomcat8/common], exists: [false], isDirectory: [false], canRead: [false]
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
AVERTISSEMENT: Problem with directory [/usr/share/tomcat8/server/classes], exists: [false], isDirectory: [false], canRead: [false]
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
AVERTISSEMENT: Problem with directory [/usr/share/tomcat8/server], exists: [false], isDirectory: [false], canRead: [false]
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
AVERTISSEMENT: Problem with directory [/usr/share/tomcat8/shared/classes], exists: [false], isDirectory: [false], canRead: [false]
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
AVERTISSEMENT: Problem with directory [/usr/share/tomcat8/shared], exists: [false], isDirectory: [false], canRead: [false]
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: Server version: Apache Tomcat/8.0.14 (Debian)
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: Server built:   Dec 18 2015 02:43:21
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: Server number:  8.0.14.0
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: OS Name:        Linux
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: OS Version:     3.16.0-4-amd64
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: Architecture:   amd64
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: JVM Version:    1.8.0_72-internal-b15
avr. 17, 2016 7:13:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFOS: JVM Vendor:     Oracle Corporation
avr. 17, 2016 7:13:22 PM org.apache.coyote.AbstractProtocol init
INFOS: Initializing ProtocolHandler ["http-nio-8080"]
avr. 17, 2016 7:13:22 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFOS: Using a shared selector for servlet write/read
avr. 17, 2016 7:13:22 PM org.apache.coyote.AbstractProtocol init
INFOS: Initializing ProtocolHandler ["ajp-nio-8009"]
avr. 17, 2016 7:13:22 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFOS: Using a shared selector for servlet write/read
avr. 17, 2016 7:13:22 PM org.apache.catalina.startup.Catalina load
INFOS: Initialization processed in 983 ms
avr. 17, 2016 7:13:22 PM org.apache.catalina.core.StandardService startInternal
INFOS: Démarrage du service Catalina
avr. 17, 2016 7:13:22 PM org.apache.catalina.core.StandardEngine startInternal
INFOS: Starting Servlet Engine: Apache Tomcat/8.0.14 (Debian)
avr. 17, 2016 7:13:22 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFOS: Déploiement du descripteur de configuration /etc/tomcat8/Catalina/localhost/manager.xml
avr. 17, 2016 7:13:23 PM org.apache.jasper.servlet.TldScanner scanJars
INFOS: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
avr. 17, 2016 7:13:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFOS: Deployment of configuration descriptor /etc/tomcat8/Catalina/localhost/manager.xml has finished in 1 242 ms
avr. 17, 2016 7:13:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFOS: Déploiement du descripteur de configuration /etc/tomcat8/Catalina/localhost/host-manager.xml
avr. 17, 2016 7:13:23 PM org.apache.jasper.servlet.TldScanner scanJars
INFOS: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
avr. 17, 2016 7:13:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFOS: Deployment of configuration descriptor /etc/tomcat8/Catalina/localhost/host-manager.xml has finished in 510 ms
avr. 17, 2016 7:13:24 PM org.apache.catalina.startup.HostConfig deployWAR
INFOS: Déploiement de l'archive /var/lib/tomcat8/webapps/webapp.war de l'application web
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
avr. 17, 2016 7:13:44 PM org.apache.catalina.startup.HostConfig deployWAR
INFOS: Deployment of web application archive /var/lib/tomcat8/webapps/webapp.war has finished in 20 278 ms
avr. 17, 2016 7:13:44 PM org.apache.catalina.startup.HostConfig deployDirectory
INFOS: Déploiement du répertoire /var/lib/tomcat8/webapps/ROOT de l'application web
avr. 17, 2016 7:13:44 PM org.apache.jasper.servlet.TldScanner scanJars
INFOS: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
avr. 17, 2016 7:13:44 PM org.apache.catalina.startup.HostConfig deployDirectory
INFOS: Deployment of web application directory /var/lib/tomcat8/webapps/ROOT has finished in 496 ms
avr. 17, 2016 7:13:44 PM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["http-nio-8080"]
avr. 17, 2016 7:13:44 PM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["ajp-nio-8009"]
avr. 17, 2016 7:13:44 PM org.apache.catalina.startup.Catalina start
INFOS: Server startup in 22651 ms

localhost.2016-04-17.log:本地主机.2016-04-17.log:

17-Apr-2016 19:13:27.821 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Spring WebApplicationInitializers detected on classpath: [com.j2bb.labs.configuration.initializer.SpringSecurityInitializer@6a81961e, com.j2bb.labs.configuration.initializer.SpringConfigurationInitializer@42c443c6]
17-Apr-2016 19:13:28.043 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext
17-Apr-2016 19:13:44.181 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring FrameworkServlet 'dispatcher'

3 个解决方案

解决方案1
 1  2016-04-20 10:04:59

Finally, I a found the real problem !终于,我发现了真正的问题!

In my Spring Security configuration, I have and ".httpBasic()" defined.在我的 Spring Security 配置中,我定义了“.httpBasic()”。 So I disabled it and it works fine : .and.httpBasic().disable()所以我禁用了它并且它工作正常:.and.httpBasic().disable()

This topic help me : Disable Basic Authentication while using Spring Security Java configuration本主题帮助我: 在使用 Spring Security Java 配置时禁用基本身份验证

Thanks for your help Kanchome99 !!感谢您的帮助 Kanchome99 !

解决方案2
 0  2016-04-17 17:38:39

Tomcat服务假设默认使用8080端口,我认为问题可能与Apache设置有关,请您检查httpd中的conf吗?

解决方案3
 0  2018-01-28 22:43:20

Add this code auth.eraseCredentials(true);添加此代码 auth.eraseCredentials(true); in your webscruty config class :在您的 webscruty 配置类中:

@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter{ @EnableWebSecurity 公共类 SecurityConfig 扩展了 WebSecurityConfigurerAdapter{

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .eraseCredentials(true);
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Tomcat中进行领域配置以进行表单身份验证 - Realm configuration in tomcat for forms authentication Tomcat Realm身份验证-登录后 - Tomcat Realm Authentication - After login 收听tomcat领域认证事件 - Listen to tomcat realm authentication events 如何基于表单的身份验证(tomcat领域),如何强制tomcat始终将第一个请求重定向到登录页面 - how to force tomcat to always redirect the 1st request to login page in case of form based authentication(tomcat realm) Apache Tomcat Realm两种身份验证方法 - Apache Tomcat Realm two authentication method 用于基于表单的身份验证的Tomcat 7领域配置 - Tomcat 7 realm configuration for form based authentication 使用apache tomcat 7进行LDAP(JNDI Realm)身份验证 - LDAP (JNDI Realm) authentication with apache tomcat 7 如何在Tomcat中调试领域功能? - How to debug realm feature in Tomcat? 如何在与Tomcat的战争中交付Realm? - How to deliver Realm with the war with Tomcat? Tomcat 8.5 JDBC Realm 带有消化的加盐密码:身份验证失败 - Tomcat 8.5 JDBC Realm with digested salted password: authentication fails
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM