Apache Tomcat – Digest Authentication

Digest Authentication

You can put a password hash, rather than a plain-text password, into the configuration file.
Changes need to be made to ./conf/server.xml.
Create the digested password using ./bin/digest.sh.
Copy the digested password to the ./conf/tomcat-users.xml file.
Restart Tomcat.

Digest Authentication changes required:

Change ./conf/server.xml from this:

<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase">
  </Realm>
</Realm>

To this:

<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase">
    <CredentialHandler
        className="org.apache.catalina.realm.MessageDigestCredentialHandler"
        algorithm="sha-512"/>
  </Realm>
</Realm>

To create the sha-512 digest for a password of Passcord120120 (from the tomcat folder):

./bin/digest.sh -a sha-512 -h org.apache.catalina.realm.MessageDigestCredentialHandler Passcord120120

This returns the following:

Passcord120120:8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

Go to ./conf/tomcat-users.xml and replace the user line with this:

<!-- for password "admin" -->
<user username="admin"
      password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
      roles="manager-gui,manager,admin-gui"/>

Restart Tomcat and use curl to test:

curl -u admin:Passcord120120 http://localhost:8080/host-manager/text/list
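
A check to run on a tomcat-users.xml credential before restarting, added here as an example (not code from the original page or from Tomcat): it recomputes the digest for a bare-hex or salt$iterations$digest value and compares it with the algorithm configured in server.xml. The function names, the UTF-8 encoding and the round scheme (first round over salt plus password, later rounds over the previous digest) are assumptions about how MessageDigestCredentialHandler stores credentials.

```python
import hashlib
import hmac

# Hex-digest length -> hashlib algorithm name (inferred from length only).
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# Credential value shown on this page as the digest.sh output for Passcord120120.
PAGE_CREDENTIAL = "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"


def normalise(algorithm):
    """Map a Java-style name such as 'sha-512' to hashlib's 'sha512'."""
    return algorithm.replace("-", "").lower()


def parse_stored(stored):
    """Return (salt, iterations, hex_digest) from bare hex or salt$iterations$digest."""
    if "$" in stored:
        salt_hex, iterations, digest_hex = stored.split("$")
        return bytes.fromhex(salt_hex), int(iterations), digest_hex.lower()
    return b"", 1, stored.lower()


def tomcat_digest(password, algorithm, salt=b"", iterations=1):
    """Round 1 hashes salt + password (UTF-8 assumed); later rounds re-hash the digest."""
    algo = normalise(algorithm)
    result = hashlib.new(algo, salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        result = hashlib.new(algo, result).digest()
    return result.hex()


def check_credential(stored, password, configured_algorithm):
    """Report whether a stored credential fits the configured algorithm and password."""
    salt, iterations, digest_hex = parse_stored(stored)
    implied = HEX_LEN_TO_ALGO.get(len(digest_hex))
    recomputed = tomcat_digest(password, configured_algorithm, salt, iterations)
    return {
        "implied_algorithm": implied,
        "length_matches_config": implied == normalise(configured_algorithm),
        "password_matches": hmac.compare_digest(recomputed, digest_hex),
    }


if __name__ == "__main__":
    print(check_credential(PAGE_CREDENTIAL, "Passcord120120", "sha-512"))
    print(check_credential(PAGE_CREDENTIAL, "admin", "sha-256"))
```

Run against the values on this page, it reports a 64-character digest, which is the length of SHA-256 rather than SHA-512, and one that matches the password admin from the XML comment rather than Passcord120120.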

END.
