如何将 MySQL 配置为 Tomcat 9 用户凭据领域
How to configure MySQL as Tomcat 9 realm for user credentials
我正在尝试将 MySQL 用户 table 作为领域连接到我的 Tomcat 9。用户和角色在 2 table 秒内管理,因为您可以在下面的领域配置中看到。密码经过 MD5 散列和 Base64 编码。
不幸的是,我没有正确理解运行。
领域配置:
<!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack -->
<!--<Realm className="org.apache.catalina.realm.LockOutRealm"> -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>-->
<!-- Custom realm for user database -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.mysql.cj.jdbc.Driver"
connectionURL="jdbc:mysql://mysqlserver.example.com:3306/database?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&verifyServerCertificate=false&useSSL=true&requireSSL=true&autoReconnect=true"
connectionName="MYSQLDB"
connectionPassword="MYSQL_PASSWORD"
userTable="myuser" userNameCol="username" userCredCol="password"
userRoleTable="myuser_roles" roleNameCol="role"/>
<CredentialHandler
className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="{MD5}encodedCredential"
iterations="1"
saltLength="0"/>
<!-- </Realm> -->
作品:
当我将密码以纯文本形式保存在数据库中并从配置中删除 CrendetialHandler 时,它起作用了。所以,数据库 connection/configuration 似乎是正确的。
不工作:
一旦密码被散列和编码保存,它就不再起作用了。我尝试了几个 CredentialHandler 设置,但总是出错,例如最新的:
WARNING [main] org.apache.tomcat.util.digester.Digester.endElement No rules found matching [Server/Service/Engine/CredentialHandler]
或
WARNING [main] org.apache.catalina.realm.CombinedRealm.setCredentialHandler A CredentialHandler was set on an instance of the CombinedRealm (or a sub-class of CombinedRealm). CombinedRealm doesn't use a configured CredentialHandler. Is this a configuration error?
如您所见,我还尝试将现有的注销域注释掉或将 CrendentialHandler 放入其中。尽管如此,它仍然不起作用。
我能做什么?
提前致谢!
您的“CredentialHandler”位于您的“领域”之外这可能是您的问题之一(您在“roleNameCol”的末尾关闭了领域)。我还将我的代码中的算法简单地列为“MD5”与您展示的算法。这也可能是个问题。
我会像下面这样修复它(为了更清楚,我明确关闭了“CredentialHandler”和“Realm”):
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.mysql.cj.jdbc.Driver"
connectionURL="jdbc:mysql://mysqlserver.example.com:3306/database?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&verifyServerCertificate=false&useSSL=true&requireSSL=true&autoReconnect=true"
connectionName="MYSQLDB"
connectionPassword="MYSQL_PASSWORD"
userTable="myuser" userNameCol="username" userCredCol="password"
userRoleTable="myuser_roles" roleNameCol="role">
<CredentialHandler
className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="{MD5}encodedCredential"
iterations="1"
saltLength="0">
</CredentialHandler>
</Realm>
我正在尝试将 MySQL 用户 table 作为领域连接到我的 Tomcat 9。用户和角色在 2 table 秒内管理,因为您可以在下面的领域配置中看到。密码经过 MD5 散列和 Base64 编码。
不幸的是,我没有正确理解运行。
领域配置:
<!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack -->
<!--<Realm className="org.apache.catalina.realm.LockOutRealm"> -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>-->
<!-- Custom realm for user database -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.mysql.cj.jdbc.Driver"
connectionURL="jdbc:mysql://mysqlserver.example.com:3306/database?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&verifyServerCertificate=false&useSSL=true&requireSSL=true&autoReconnect=true"
connectionName="MYSQLDB"
connectionPassword="MYSQL_PASSWORD"
userTable="myuser" userNameCol="username" userCredCol="password"
userRoleTable="myuser_roles" roleNameCol="role"/>
<CredentialHandler
className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="{MD5}encodedCredential"
iterations="1"
saltLength="0"/>
<!-- </Realm> -->
作品:
当我将密码以纯文本形式保存在数据库中并从配置中删除 CrendetialHandler 时,它起作用了。所以,数据库 connection/configuration 似乎是正确的。
不工作:
一旦密码被散列和编码保存,它就不再起作用了。我尝试了几个 CredentialHandler 设置,但总是出错,例如最新的:
WARNING [main] org.apache.tomcat.util.digester.Digester.endElement No rules found matching [Server/Service/Engine/CredentialHandler]
或
WARNING [main] org.apache.catalina.realm.CombinedRealm.setCredentialHandler A CredentialHandler was set on an instance of the CombinedRealm (or a sub-class of CombinedRealm). CombinedRealm doesn't use a configured CredentialHandler. Is this a configuration error?
如您所见,我还尝试将现有的注销域注释掉或将 CrendentialHandler 放入其中。尽管如此,它仍然不起作用。
我能做什么?
提前致谢!
您的“CredentialHandler”位于您的“领域”之外这可能是您的问题之一(您在“roleNameCol”的末尾关闭了领域)。我还将我的代码中的算法简单地列为“MD5”与您展示的算法。这也可能是个问题。
我会像下面这样修复它(为了更清楚,我明确关闭了“CredentialHandler”和“Realm”):
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.mysql.cj.jdbc.Driver"
connectionURL="jdbc:mysql://mysqlserver.example.com:3306/database?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&verifyServerCertificate=false&useSSL=true&requireSSL=true&autoReconnect=true"
connectionName="MYSQLDB"
connectionPassword="MYSQL_PASSWORD"
userTable="myuser" userNameCol="username" userCredCol="password"
userRoleTable="myuser_roles" roleNameCol="role">
<CredentialHandler
className="org.apache.catalina.realm.MessageDigestCredentialHandler"
algorithm="{MD5}encodedCredential"
iterations="1"
saltLength="0">
</CredentialHandler>
</Realm>