Thank you very much! I according to what you said it and solved the problem.
I have modified CATALINA_HOME/conf/server.xml to :
<Context path="/sample" docBase="/home/coremail/tomcat/webapps_exp/sample">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" digest="MD5"/>
</Realm>
<Valve
className="org.apache.catalina.authenticator.DigestAuthenticator"
validateUri="false"/>
</Context>
Everything is all right,thanks again!
2017-06-01
ophusky
发件人:Mark Thomas <[email protected]>
发送时间:2017-06-01 15:50
主题:Re: a question about Realm config
收件人:"Tomcat Users List"<[email protected]>
抄送:
This time to the list...
On 01/06/17 08:02, ophusky wrote:
> Tomcat version:8.0.43.0
> Nginx version:openresty/1.11.2.2
> OS:CentOS Linux release 7.3.1611 (Core)
>
> I have already configure tomcat to use the DIGEST certification,
> When I have direct access to Tomcat all normal,
> http://192.168.122.130:8080/sample/test/test.html can trigger the
> certification and passed.
> But when I through the nginx proxy access,
> http://192.168.122.130/tomcat/sample/test/test.html have a few
> problems,can trigger the certification but can't passed ,repeated
> authentication dialog.
<snip/>
> nginx.conf
>
> location ~ /tomcat/ {
> rewrite ^/tomcat/(.*) /$1 break;
> proxy_pass http://192.168.122.130:8080;
> }
>
> Why cannot be accessed through the nginx and certified ? please help me
> ,thanks!
The request URL forms part of the DIGEST authentication process. By
changing it in the reverse proxy, you are breaking the authentication
process.
You can disable the URI validation. See the validateUri attribute in
http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Digest_Authenticator_Valve/Attributes
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
