3. UserDatabaseRealm + DIGEST認證
- Accesses authentication information stored in an UserDatabase JNDI resource, which is typically backed by an XML document (conf/tomcat-users.xml).
- 通過讀取XML格式的JNDI資源,獲取認證信息
3.1 創建Realm所需的數據表
mysqldump simple_service_book -uroot -p > security.sql
3.2 配置UserDatabaseRealm
$CATALINA_BASE/conf/server.xml
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
$CATALINA_BASE/conf/tomcat-users.xml
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="admin" />
<role rolename="user" />
<user name="eric" password="han" roles="admin" />
<user name="caroline" password="zhang" roles="user" />
</tomcat-users>
Eclipse內置Tomcat tomcat-users配置
3.3 數據庫驅動
$CATALINA_HOME/lib
M2_REPO/mysql/mysql-connector-java/5.1.25/mysql-connector-java-5.1.25.jar
3.4 配置應用的web.xml
/security-rest/src/main/webapp/WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<url-pattern>/webapi/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>UPDATE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/webapi/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
3.5 DIGEST認證
C:\Users\hanl.m2\repository\org\apache\tomcat\tomcat-catalina\7.0.42\tomcat-catalina-7.0.42-sources.jar
Realm.authenticate() 組合加密、比較都是在服務器端完成的。 md5(md5(username:realm:password):nonce:nc:cnonce:qop:md5(httpmethod:uri))
3.6 應用權限測試
DIGEST認證與BASIC認證的算法不同,但呈現方式相同。都是彈出窗口,讓用戶輸入用戶名和口令。