Custom SpnegoAuthenticator worked with Tomcat 8 but gives 404 with Tomcat 9

huangapple
go评论68阅读模式
英文:

Custom SpnegoAuthenticator worked with Tomcat 8 but gives 404 with Tomcat 9

问题

项目使用Jetty开发,使用表单认证。文件login.jsp

<form method="post" action="j_security_check">
    <input type="text" name="j_username"/>
    <input type="password" name="j_password"/>
    <input type="submit" value="Login"/>
</form>

在生产环境中,它在Tomcat 8.0.53中发布,并使用自定义的SpnegoAuthenticator。文件conf/context.xml

<Context>
    <Valve className="com.CustomeSpnegoAuthenticator" />
</Context>

文件tomcat/application/WEB-INF/web.xml 包含以下内容:

<login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>REALMNAME</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
</login-config>

在文件CustomeSpnegoAuthenticator.java中,初始化了一个FormAuthenticator,并进行了以下设置:

public class CustomeSpnegoAuthenticator extends org.apache.catalina.authenticator.SpnegoAuthenticator {
    private FormAuthenticator formAuthenticator = new FormAuthenticator();
    @Override
    public void setContainer(Container container) {
        try {
            super.setContainer(container);
            formAuthenticator.setContainer(container);
            formAuthenticator.setLandingPage("/home");
            formAuthenticator.start();
            log.info("formAuthenticator state: " + formAuthenticator.getState())
        } catch (LifecycleException ex) {
            log.error("Failed to start authenticators, reason: " + ex.getMessage(), ex);
        }
    }
    @Override
    protected String getAuthMethod() {
        return Constants.SPNEGO_METHOD;
    }
    @Override
    public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
        // 处理用户名和密码
        // 返回结果
    }
}

这在Tomcat 8中运行良好,在localhost/application/j_security_check进行身份验证。但是在部署到Tomcat 9.0.20后,访问localhost/application/j_security_check会返回404错误,尽管在CustomeSpnegoAuthenticator.java中,formAuthenticator的状态为startedconf/context.xmlconf/web.xmlwebapps/application/WEB-INF/web.xml保持不变,唯一不同的是Tomcat版本。

是否有人知道可能的原因,或者如何进一步调试?

英文:

Project was developed with Jetty using Form Authentication. File login.jsp

<form method="post" action="j_security_check">
    <input type="text" name="j_username"/>
    <input type="password" name="j_password"/>
    <input type="submit" value="Login"/>
</form>

In production, it was published in Tomcat 8.0.53 and using a custom SpnegoAuthenticator . File conf/context.xml

<Context>
    <Valve className="com.CustomeSpnegoAuthenticator" />
</Context>

File tomcat/application/WEB-INF/web.xml includes these:

<login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>REALMNAME</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
</login-config>

in file CustomeSpnegoAuthenticator.java, a FormAuthenticator is initialised and set up as below

public class CustomeSpnegoAuthenticator extends org.apache.catalina.authenticator.SpnegoAuthenticator {
    private FormAuthenticator formAuthenticator = new FormAuthenticator();
    @Override
    public void setContainer(Container container) {
        try {
            super.setContainer(container);
            formAuthenticator.setContainer(container);
            formAuthenticator.setLandingPage("/home");
            formAuthenticator.start();
            log.info("formAuthenticator state: " + formAuthenticator.getState())
        } catch (LifecycleException ex) {
            log.error("Failed to start authenticators, reason: " + ex.getMessage(), ex);
        }
    }
    @Override
    protected String getAuthMethod() {
        return Constants.SPNEGO_METHOD;
    }
    @Override
    public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
        // process username and password
        // return result
    }
}

This worked well in Tomcat 8, authentication happens at localhost/application/j_security_check . But after deploying it in Tomcat 9.0.20, it starts giving 404 to localhost/application/j_security_check, although in CustomeSpnegoAuthenticator.java formAuthenticator's state is started. conf/context.xml, conf/web.xml,webapps/application/WEB-INF/web.xml are the same. Only Tomcat version is different.

Does anyone has any idea what might be the reason, or how can I debug further?

答案1

得分: 1

所以在阅读源代码后,我发现Tomcat 9中的认证器实现与Tomcat 8有些不同。他们用doAuthenticate替代了authenticate

所以解决方案在文件CustomeSpnegoAuthenticator.java中,将覆盖函数从authenticate更改为doAuthenticate。并且由于这一行:formAuthenticator.setLandingPage("/home");。在文件login.jsp中,操作应该是home/j_security_check

英文:

So after reading the source code, I found the implementation of authenticators in Tomcat 9 is a bit different from Tomcat 8. They replaced authenticate with doAuthenticate.

So the solution is in file CustomeSpnegoAuthenticator.java, change override function from authenticate to doAuthenticate. And because of this line: formAuthenticator.setLandingPage("/home");. In file login.jsp, action should be home/j_security_check.

huangapple
  • 本文由 发表于 2020年10月6日 20:01:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/64225406.html
  • forms-authentication
  • java
  • spnego
  • tomcat
  • tomcat9
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定