
Tomcat 6 - How to Configure Digest SHA-256

I am using Tomcat 6 and currently have forms authentication working as clear text passwords in a MySQL database. I have added encryption to the password to hash the password in SHA-256 and it seems to work, but when I try to authenticate via Tomcat 6 using the digest="SHA-256" and digestEncoding="base64" in server.xml, it will not authenticate. If I copy the password from the database and enter it into the password field, I can authenticate my user.

How do I get Tomcat to allow me to authenticate a user with a normal password but a stored hash password in MySQL?

Here is the hashing code that I added to my application:

    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
    byte bin[] = messageDigest.digest(password.getBytes("UTF-8"));
    return Base64.encodeBase64String(bin);

The answer to this is pretty simple actually - create a custom Tomcat realm. The realm is the part that does the actual authentication and if you want to test against your database (especially if encrypted or hashed) the realm authentication method is what you have to override.

See http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/
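
A sketch of the kind of realm the answer describes, added here as an example; it is not code from the original post or from the linked article. It assumes a Tomcat 6 release in which `JDBCRealm.getPassword()` and `getRoles()` perform the database lookup, and the package and class names are hypothetical.

```java
package example.realm; // hypothetical package name

import java.security.MessageDigest;
import java.security.Principal;
import java.sql.Connection;
import javax.xml.bind.DatatypeConverter;

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.JDBCRealm;

/**
 * Hypothetical realm for Tomcat 6: reuses JDBCRealm's user and role lookups
 * and replaces only the credential comparison.
 */
public class Sha256Base64Realm extends JDBCRealm {

    @Override
    public synchronized Principal authenticate(Connection dbConnection,
                                               String username,
                                               String credentials) {
        if (username == null || credentials == null) {
            return null;
        }
        // Stored value is Base64(SHA-256(UTF-8 password)), as the application writes it.
        String stored = getPassword(username);
        if (stored == null) {
            return null; // unknown user
        }
        try {
            byte[] expected = DatatypeConverter.parseBase64Binary(stored.trim());
            byte[] actual = MessageDigest.getInstance("SHA-256")
                    .digest(credentials.getBytes("UTF-8"));
            // Compare the raw digest bytes rather than their text encodings.
            if (!MessageDigest.isEqual(expected, actual)) {
                return null;
            }
        } catch (Exception e) {
            return null; // fail closed on a malformed stored value
        }
        return new GenericPrincipal(this, username, credentials, getRoles(username));
    }
}
```

The `<Realm>` element in server.xml would name this class in its `className` attribute; this override does not consult `digest` or `digestEncoding`.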
