Apache Tomcat – Digest Authentication
Digest Authentication
You can put a password hash, rather than plain text passwords, into the configuration file.
Changes need to be made to ./conf/server.xml.
Create a digested password using ./bin/digest.sh.
Copy the digested password to the ./conf/tomcat-users.xml file.
Restart Tomcat.
Digest Authentication changes required:
Change ./conf/server.xml from this:
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase">
  </Realm>
</Realm>
To this:
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase">
    <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                       algorithm="sha-512"/>
  </Realm>
</Realm>
To create the sha-512 digest for a password of Passcord120120 (from the Tomcat folder):
./bin/digest.sh -a sha-512 -h org.apache.catalina.realm.MessageDigestCredentialHandler Passcord120120
This returns the following:
Passcord120120:8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
Go to ./conf/tomcat-users.xml and replace the user's line with this one:
<!-- for password "admin" -->
<user username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" roles="manager-gui,manager,admin-gui"/>
Restart Tomcat and use curl to test:
curl -u admin:Passcord120120 http://localhost:8080/host-manager/text/list
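A check worth running before the restart, as an added example that is not part of the original post or of Tomcat itself: this Python code audits the password attributes in tomcat-users.xml against the handler's algorithm and re-checks a candidate password against a stored value. It assumes the handler's stored form is hex salt$iterations$digest or a bare hex digest over UTF-8 password bytes; the function names, the fixed salt and the sample users are constructed here. It shows that a 64-character hex value, like the one printed above, is too short for sha-512, which needs 128.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

def tomcat_digest(password, algorithm="sha-512", salt=b"", iterations=1):
    """Hash salt+password once, then re-hash the result for each extra iteration."""
    name = algorithm.replace("-", "").lower()          # "sha-512" -> "sha512"
    out = hashlib.new(name, salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        out = hashlib.new(name, out).digest()
    return out.hex()

def matches(password, stored, algorithm="sha-512"):
    """Check a candidate against 'salt$iterations$digest' or a bare hex digest."""
    salt, iterations, digest = b"", 1, stored
    if "$" in stored:
        salt_hex, iter_text, digest = stored.split("$")
        salt, iterations = bytes.fromhex(salt_hex), int(iter_text)
    calc = tomcat_digest(password, algorithm, salt, iterations)
    return hmac.compare_digest(calc, digest.lower())   # hex compared case-insensitively

def classify(stored, algorithm="sha-512"):
    """Describe what a password attribute holds, relative to the configured algorithm."""
    want = hashlib.new(algorithm.replace("-", "").lower()).digest_size * 2
    digest = stored.split("$")[-1]
    if not digest or not set(digest) <= set("0123456789abcdefABCDEF"):
        return "not a hex digest (plain text?)"
    if len(digest) != want:
        return f"hex, but {len(digest)} chars; {algorithm} needs {want}"
    return "salted digest" if "$" in stored else "unsalted digest"

def audit_users(xml_text, algorithm="sha-512"):
    """Map each username in a tomcat-users.xml document to its finding."""
    root = ET.fromstring(xml_text)
    return {u.get("username"): classify(u.get("password", ""), algorithm)
            for u in root.iter() if u.tag.rsplit("}", 1)[-1] == "user"}

# Constructed sample: the 64-char value shown on this page, a plain-text entry,
# and a salted sha-512 entry built here with a fixed (non-random) salt.
SALT = bytes(range(16))
SALTED = f"{SALT.hex()}$1${tomcat_digest('Passcord120120', salt=SALT)}"
SAMPLE = f"""<tomcat-users>
  <user username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" roles="manager-gui"/>
  <user username="ops" password="Passcord120120" roles="manager-gui"/>
  <user username="deploy" password="{SALTED}" roles="manager-script"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, finding in audit_users(SAMPLE).items():
        print(f"{user}: {finding}")
```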