JDBCRealm Http Digest

JDBCRealm

授权信息存在关系数据库中, 通过JDBC驱动访问

数据库中必须至少有两张表，表示用户及角色

用户表必须至少有两个字段，用户名及密码

角色表必须至少有两个字段，用户名及角色

[html] view plaincopy

CREATE TABLE users (

user_name VARCHAR(15) NOT NULL PRIMARY KEY,

user_pass VARCHAR(15) NOT NULL

);

CREATE TABLE user_roles (

user_name VARCHAR(15) NOT NULL,

role_name VARCHAR(15) NOT NULL,

PRIMARY KEY (user_name, role_name)

);

[html] view plaincopy

<Realm className="org.apache.catalina.realm.JDBCRealm"

driverName="org.gjt.mm.mysql.Driver"

connectionURL="jdbc:mysql://localhost/authority?user=dbuser&password=dbpass"

userTable="users" userNameCol="user_name" userCredCol="user_pass"

userRoleTable="user_roles" roleNameCol="role_name"/>

Password to be recognized by Tomcat when the user logs in. This value may in cleartext or digested - see below for more information.

create table users (

user_name varchar(15) not null primary key,

user_pass varchar(15) not null

);

create table user_roles (

user_name varchar(15) not null,

role_name varchar(15) not null,

primary key (user_name, role_name)

);

$CATALINA_BASE/conf/server.xml

<Realm className="org.apache.catalina.realm.JDBCRealm"

driverName="org.gjt.mm.mysql.Driver"

connectionURL="jdbc:mysql://localhost/test?user=root&password=root"

userTable="users" userNameCol="user_name" userCredCol="user_pass"

userRoleTable="user_roles" roleNameCol="role_name"/>

ost Tomcat packages include a script ($TOMCAT_HOME/bin/digest.shor .bat for Windows)that can be used to create a one-way digest of a

password.I use this, in conjunction with file permissions, to protect

the Tomcat manager password in$TOMCAT_HOME/conf/tomcat-users.xmlfrom prying eyes.

1.To use SHA, update$TOMCAT_HOME/conf/server.xmlso that:

resourceName="UserDatabase"/>

reads

digest="SHA" resourceName="UserDatabase"/>

2.Then create your digest by running (replacingcredentialswith the password you want to digest):$TOMCAT_HOME/bin/digest -a SHA credentials

This will output the plaintext and then the digested form of the credentials separated by a colon – e.g. for ‘foo’:foo:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33

3.Take the second part and place this into thepasswordattribute of theuserelement intomcat-users.xml– e.g.:

password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33"

roles="admin,manager"/>

4.Restart Tomcat for it to take effect.

Fromhttp://leanjavaengineering.wordpress.

D:\Ken\httpauth\bin>digest.bat -a md5 654123

654123:bf9f8d1f05dc08cc3b02e8fcf2c2ba57

D:\Ken\httpauth\bin>digest.bat -a md5 123456

123456:e10adc3949ba59abbe56e057f20f883e

D:\Ken\httpauth\bin>digest.bat -a md5 t:Realm:123456

t:Realm:123456:6a6f14de4691b088f3deb84b14fa0612

D:\Ken\httpauth\bin>

D:\Ken\httpauth\bin>digest.bat -a md5 654123

654123:bf9f8d1f05dc08cc3b02e8fcf2c2ba57

D:\Ken\httpauth\bin>digest.bat -a md5 123456

123456:e10adc3949ba59abbe56e057f20f883e

D:\Ken\httpauth\bin>digest.bat -a md5 t:Realm:123456

t:Realm:123456:6a6f14de4691b088f3deb84b14fa0612

D:\Ken\httpauth\bin>digest.bat -a md5 t:WebApi:123456

t:WebApi:123456:bb80940c5ff834aef1b2652eddcef09c

D:\Ken\httpauth\bin>

Http Digest认证中

1．Java/Android可以通过httpcomponents组件完成Digest认证

2．认证相关的角色及用户信息 可配置在数据库中存储,且密码字段可加密。