Tomcat version: 7.0.55
=================================================
Question 1.
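I have configured an HTTP ==> HTTPS redirect so that all webapps transfer data and authenticate over HTTPS.
1. http://localhost:8080/manager redirects successfully to https://localhost:8008/manager/... (see screenshot), and a window pops up asking for the manager username and password.
2. http://localhost:8080/manager/html fails to redirect: http://localhost:8008/manager/html (see screenshot), and a window pops up asking for the manager username and password.
Configuration:
* To make every application under webapps transfer data over https, I added the following at the end of tomcat/conf/web.xml: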
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
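This achieved the redirect in "1" above, but the redirect in "2" did not happen.
I have tried many approaches, for example: removing the code above, adding the code above at the end of each webapps/applicationName/web.xml, removing the basic authentication method section, and so on. None of them worked.
The same configuration fails both locally and on the remote server, so I suspect my configuration is wrong.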
=================================================
Question 2.
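Another rather strange problem: with the same tomcat-users.xml, everything works locally, but on the remote server authentication fails. After entering the username and password and pressing Enter, the authentication window pops up again asking for the username and password. I have tried many configurations found online, and none of them worked.
Below is tomcat/conf/tomcat-users.xml: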
<?xml version='1.0' encoding='cp936'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
<!--
  NOTE: By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application. If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE: The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->

  <!-- set manager account -->
  <role rolename="manager-gui"/>
  <user username="manager" password="xxx" roles="manager-gui"/>

  <!-- set host-manager account -->
  <role rolename="admin-gui"/>
  <user username="host-manager" password="xxx" roles="admin-gui"/>
</tomcat-users>
I also tried:
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
<!--
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="xxxx" roles="admin,manager"/>
-->

<!--
  NOTE: By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application. If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE: The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->

  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager-gui" />
  <role rolename="admin-gui"/>
  <user username="tomcat" password="xxx" roles="tomcat"/>
  <user username="both" password="xxx" roles="tomcat,role1"/>
  <user username="role1" password="xxx" roles="role1"/>
  <user username="manager" password="xxx" roles="manager-gui" />
  <user username="hostmanager" password="xxx" roles="admin-gui"/>


</tomcat-users>
The default configuration in webapps/manager/WEB-INF/web.xml was left unchanged:
<!-- Define the Login Configuration for this Application -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
</login-config>
If I replace the default webapps/manager/WEB-INF/web.xml configuration above with
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
an error is reported.
=================================================
Hoping to get help soon! Thanks in advance, everyone!
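
Added example (not part of the original post, and not Tomcat's own code): under the Servlet specification only the security constraints on the best-matching url-pattern apply to a request, so a more specific pattern that sets no transport guarantee takes precedence over the global `/*` CONFIDENTIAL rule shown above. The `/html/*` constraint is an assumption about what an application's own web.xml might declare, paths are relative to the webapp context, and `load_constraints` and `requires_tls` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: the post's global "/*" CONFIDENTIAL constraint merged
# with an ASSUMED app-level "/html/*" constraint that sets no transport guarantee.
MERGED_WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTML GUI (assumed)</web-resource-name>
      <url-pattern>/html/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager-gui</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def load_constraints(xml_text):
    """Return (url-pattern, transport-guarantee) pairs; a missing guarantee is NONE."""
    pairs = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        for pat in sc.iter("url-pattern"):
            pairs.append((pat.text.strip(), guarantee))
    return pairs

def requires_tls(path, constraints):
    """Best match: exact pattern, else longest 'prefix/*' (extension/default patterns not modelled)."""
    winners = [g for p, g in constraints if p == path]
    if not winners:
        prefix = [(p, g) for p, g in constraints
                  if p.endswith("/*") and (path == p[:-2] or path.startswith(p[:-1]))]
        longest = max((len(p) for p, _ in prefix), default=0)
        winners = [g for p, g in prefix if len(p) == longest]
    # Constraints on the winning pattern combine; one with no guarantee permits plain HTTP.
    return bool(winners) and all(g != "NONE" for g in winners)

if __name__ == "__main__":
    rules = load_constraints(MERGED_WEB_XML)
    for path in ("/", "/html", "/html/list", "/status"):
        print(path, "-> forced to HTTPS" if requires_tls(path, rules) else "-> plain HTTP allowed")
```

Running the same check over a real merged descriptor shows which paths still need their own `<user-data-constraint>` to be served only over HTTPS.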