tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: a question about Realm config
Date Thu, 01 Jun 2017 14:37:03 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ophusky,

On 6/1/17 5:09 AM, ophusky wrote:
> Thank you very much! I according to what you said it and solved the
> problem. I have modified  CATALINA_HOME/conf/server.xml to :
> 
> <Context path="/sample"
> docBase="/home/coremail/tomcat/webapps_exp/sample"> <Realm
> className="org.apache.catalina.realm.LockOutRealm"> <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm" 
> resourceName="UserDatabase" digest="MD5"/> </Realm> <Valve
> className="org.apache.catalina.authenticator.DigestAuthenticator"
> validateUri="false"/> </Context>
> 
> Everything is all right,thanks again!

I'd highly recommend removing the URL rewriting if possible. Either
remove the leading /tomcat from your URI space on the proxy or re-name
your application's WAR (or exploded WAR directory) to
tomcat#sample.war (or tomcat#sample directory).

- -chris

> 发件人:Mark Thomas <markt@apache.org> 发送时间:2017-06-01 15:50 主题:Re:
a
> question about Realm config 收件人:"Tomcat Users
> List"<users@tomcat.apache.org> 抄送:
> 
> This time to the list...
> 
> On 01/06/17 08:02, ophusky wrote:
>> Tomcat version:8.0.43.0 Nginx  version:openresty/1.11.2.2 
>> OS:CentOS Linux release 7.3.1611 (Core)
>> 
>> I have already configure tomcat to use the DIGEST certification,
>>  When I have direct access to Tomcat  all normal, 
>> http://192.168.122.130:8080/sample/test/test.html  can trigger
>> the certification and passed. But when I through the nginx proxy
>> access, http://192.168.122.130/tomcat/sample/test/test.html
>> have a few problems,can trigger the certification but can't
>> passed ,repeated authentication dialog.
> 
> <snip/>
> 
>> nginx.conf
>> 
>> location ~ /tomcat/ { rewrite ^/tomcat/(.*) /$1 break; proxy_pass
>> http://192.168.122.130:8080; }
>> 
>> Why cannot be accessed through the nginx and certified ? please
>> help me ,thanks!
> 
> The request URL forms part of the DIGEST authentication process. By
>  changing it in the reverse proxy, you are breaking the
> authentication process.
> 
> You can disable the URI validation. See the validateUri attribute
> in 
> http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Digest_Authe
nticator_Valve/Attributes
> 
> 
> Mark
> 
> ---------------------------------------------------------------------
>  To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For
> additional commands, e-mail: users-help@tomcat.apache.org
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZMCaPAAoJEBzwKT+lPKRYO9sQAMTdzpfJDX/tjcYErAbZl4Rb
tG22YjSGdlfS1mAx+4CPX+zOnCiaA4vyl3QtEQ3vfPSGfdMq+Rcl/LObMChNQ3Gs
zkZBtdUCPx70bNRTCndtBHKzLjbPJkBqtE5WMytOMKH41PMlIj8ZISBE04G8D/KK
nqnsxlerm36W7TSR7gLieIZWd0mgJwQ/5UlsTcdJRq8YhQ2LFSARt2sZGK00p+qM
rJKsbnaVXodq0vVHBinibBmnotRZsvIdvqAZerv8WUKCj4doKaDv4XLM0vEuQIBY
bjRc8n/etyTSgSIS7P2anPYlN8T6DhA/8Pafh8DFfiRXygtxIp0brYwrHjNpvpEc
i0rzlVo8zf6lKN3WEFFAlHxsRDr5N+7K92uATdCpXIxH9uSR7xIYhl7fvAC9pDJ0
Vrf4Rc/pxVBvggpXeKYWbP2/m/T4E4nqCGHSW4T2Xji/FWM6LkdNW7mfPF8mPRdt
qORmDpbvygEhOG3qbjBgPpArjVsvgVS48/B4zO3GyeZS9VZiB+6u9V8+yD4fzIcf
Eohh4l2CuRgGatntehjkRM2bqdYgTXeseWUskXvZlMkx2gjHH5N6XyNcQsfvUxNl
mbh3HSKGZDU59AhqNS9Vqi5IQrhl7SuXKseW2tU+m8k8Z1nEvEtyYpl8BSNYuA7q
tnNhJ5OzWVIm63uHUmXG
=nWiX
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message