-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ophusky,
On 6/1/17 5:09 AM, ophusky wrote: > Thank you very much! I according to what you said it and solved the > problem. I have modified CATALINA_HOME/conf/server.xml to : > > <Context path="/sample" > docBase="/home/coremail/tomcat/webapps_exp/sample"> <Realm > className="org.apache.catalina.realm.LockOutRealm"> <Realm > className="org.apache.catalina.realm.UserDatabaseRealm" > resourceName="UserDatabase" digest="MD5"/> </Realm> <Valve > className="org.apache.catalina.authenticator.DigestAuthenticator" > validateUri="false"/> </Context> > > Everything is all right,thanks again! I'd highly recommend removing the URL rewriting if possible. Either remove the leading /tomcat from your URI space on the proxy or re-name your application's WAR (or exploded WAR directory) to tomcat#sample.war (or tomcat#sample directory). - -chris > 发件人:Mark Thomas <ma...@apache.org> 发送时间:2017-06-01 15:50 主题:Re: a > question about Realm config 收件人:"Tomcat Users > List"<users@tomcat.apache.org> 抄送: > > This time to the list... > > On 01/06/17 08:02, ophusky wrote: >> Tomcat version:8.0.43.0 Nginx version:openresty/1.11.2.2 >> OS:CentOS Linux release 7.3.1611 (Core) >> >> I have already configure tomcat to use the DIGEST certification, >> When I have direct access to Tomcat all normal, >> http://192.168.122.130:8080/sample/test/test.html can trigger >> the certification and passed. But when I through the nginx proxy >> access, http://192.168.122.130/tomcat/sample/test/test.html >> have a few problems,can trigger the certification but can't >> passed ,repeated authentication dialog. > > <snip/> > >> nginx.conf >> >> location ~ /tomcat/ { rewrite ^/tomcat/(.*) /$1 break; proxy_pass >> http://192.168.122.130:8080; } >> >> Why cannot be accessed through the nginx and certified ? please >> help me ,thanks! > > The request URL forms part of the DIGEST authentication process. By > changing it in the reverse proxy, you are breaking the > authentication process. > > You can disable the URI validation. See the validateUri attribute > in > http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Digest_Authe nticator_Valve/Attributes > > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For > additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZMCaPAAoJEBzwKT+lPKRYO9sQAMTdzpfJDX/tjcYErAbZl4Rb tG22YjSGdlfS1mAx+4CPX+zOnCiaA4vyl3QtEQ3vfPSGfdMq+Rcl/LObMChNQ3Gs zkZBtdUCPx70bNRTCndtBHKzLjbPJkBqtE5WMytOMKH41PMlIj8ZISBE04G8D/KK nqnsxlerm36W7TSR7gLieIZWd0mgJwQ/5UlsTcdJRq8YhQ2LFSARt2sZGK00p+qM rJKsbnaVXodq0vVHBinibBmnotRZsvIdvqAZerv8WUKCj4doKaDv4XLM0vEuQIBY bjRc8n/etyTSgSIS7P2anPYlN8T6DhA/8Pafh8DFfiRXygtxIp0brYwrHjNpvpEc i0rzlVo8zf6lKN3WEFFAlHxsRDr5N+7K92uATdCpXIxH9uSR7xIYhl7fvAC9pDJ0 Vrf4Rc/pxVBvggpXeKYWbP2/m/T4E4nqCGHSW4T2Xji/FWM6LkdNW7mfPF8mPRdt qORmDpbvygEhOG3qbjBgPpArjVsvgVS48/B4zO3GyeZS9VZiB+6u9V8+yD4fzIcf Eohh4l2CuRgGatntehjkRM2bqdYgTXeseWUskXvZlMkx2gjHH5N6XyNcQsfvUxNl mbh3HSKGZDU59AhqNS9Vqi5IQrhl7SuXKseW2tU+m8k8Z1nEvEtyYpl8BSNYuA7q tnNhJ5OzWVIm63uHUmXG =nWiX -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
