tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ophusky"<ophu...@163.com>
Subject Re: Re: a question about Realm config
Date Thu, 01 Jun 2017 09:09:01 GMT
Thank you very much! I according to what you said it and solved the problem. 
I have modified  CATALINA_HOME/conf/server.xml to :

<Context path="/sample" docBase="/home/coremail/tomcat/webapps_exp/sample">
                <Realm className="org.apache.catalina.realm.LockOutRealm">
                <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                     resourceName="UserDatabase" digest="MD5"/>  
                </Realm>
                <Valve className="org.apache.catalina.authenticator.DigestAuthenticator"
validateUri="false"/> 
            </Context>

Everything is all right,thanks again!

2017-06-01 

ophusky 



发件人:Mark Thomas <markt@apache.org>
发送时间:2017-06-01 15:50
主题:Re: a question about Realm config
收件人:"Tomcat Users List"<users@tomcat.apache.org>
抄送:

This time to the list... 

On 01/06/17 08:02, ophusky wrote: 
> Tomcat version:8.0.43.0 
> Nginx  version:openresty/1.11.2.2 
> OS:CentOS Linux release 7.3.1611 (Core) 
>  
> I have already configure tomcat to use the DIGEST certification, 
> When I have direct access to Tomcat  all normal, 
> http://192.168.122.130:8080/sample/test/test.html  can trigger the 
> certification and passed. 
> But when I through the nginx proxy access, 
> http://192.168.122.130/tomcat/sample/test/test.html   have a few 
> problems,can trigger the certification but can't passed ,repeated 
> authentication dialog. 

<snip/> 

> nginx.conf 
>  
> location ~ /tomcat/ { 
>             rewrite ^/tomcat/(.*) /$1 break; 
>             proxy_pass http://192.168.122.130:8080; 
> } 
>  
> Why cannot be accessed through the nginx and certified ? please help me 
> ,thanks! 

The request URL forms part of the DIGEST authentication process. By 
changing it in the reverse proxy, you are breaking the authentication 
process. 

You can disable the URI validation. See the validateUri attribute in 
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Digest_Authenticator_Valve/Attributes


Mark 

--------------------------------------------------------------------- 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org 
For additional commands, e-mail: users-help@tomcat.apache.org 
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message