我已经编写了一个自定义的tomcat阀门来解析HTTP标头并使用它们进行身份验证。该阀通过扩展AuthenticatorBase来工作。我编译了它,并将其放在$ CATALINA_HOME / lib中。这是代码:
public class TomcatLogin extends AuthenticatorBase { private String[] roleNames = null; private String ivcreds = null; private String ivuser = null; private String ivgroups = null; private GenericPrincipal principal = null; // Constructor defers to super class (Authenticator base) public TomcatLogin(){ super(); } protected boolean doAuthenticate(Request request, HttpServletResponse response) { List<String> groupsList = null; System.out.println("Obtaining Headers from Request"); try { ivuser = request.getHeader("iv-user"); ivcreds = request.getHeader("iv-creds"); ivgroups = request.getHeader("iv-groups"); } catch(Exception e) { e.printStackTrace(); } // Require all header credentials for proper authentication if(ivuser == null || ivcreds == null || ivgroups == null) return false; // Split ivgroups by comma seporated value // Then remove head and tail quotation marks roleNames = ivgroups.split(","); for(int i=0; i<roleNames.length; i++){ roleNames[i] = roleNames[i].substring(1, roleNames[i].length()-1 ); groupsList.add(roleNames[i]); } principal = new GenericPrincipal(ivuser, ivcreds, groupsList); request.setUserPrincipal(principal); return true; } public String getAuthMethod() { return "HTTPAuthenticator"; } }
然后,我告诉Tomcat使用server.xml中的阀门。扩展AuthenticatorBase 的文档说, 使用此类时,其所属的上下文(或层次结构中的父容器)必须具有关联的领域,该领域可用于验证用户并枚举已分配给他们的角色 。我以为我已经正确配置了它,但是它抛出了错误并且Tomcat无法启动。这是server.xml配置:
server.xml
<?xml version="1.0" encoding="UTF-8"?> ... <Server> <Service name="Catalina"> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <!-- Here is my valve --> <Valve className="package.of.my.custom.valve.TomcatLogin" /> <Host ... > ... </Host> </Engine> </Service> </Server>
这是我收到的错误消息:
10-Jan-2019 10:11:03.576 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception java.lang.reflect.InvocationTargetException ... A bunch of useless stacktrace Caused by: java.lang.IllegalArgumentException: Configuration error: Must be attached to a Context at org.apache.catalina.authenticator.AuthenticatorBase.setContainer(AuthenticatorBase.java:278) at org.apache.catalina.core.StandardPipeline.addValve(StandardPipeline.java:335) at org.apache.catalina.core.ContainerBase.addValve(ContainerBase.java:1133) ... 27 more 10-Jan-2019 10:11:03.579 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Error at (107, 82) : Configuration error: Must be attached to a Context 10-Jan-2019 10:11:03.579 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.
我认为我的阀门是正确编写的,所以我想问题出在配置中。不知道为什么没有附加上下文。有任何想法吗?
编辑: 我尝试将阀门放入我的应用程序中META-INF/context.xml(因为没有开始,所以我必须制造一个)。这里是:
META-INF/context.xml
<?xml version="1.0"?> <Context> <Valve className="package.of.my.custom.valve.TomcatLogin" /> </Context>
然后,服务器启动,但是无法部署任何应用程序。我收到了与IBM阀门类似的错误,该阀门最初是在无法从中找到AuthenticatorBase类的自定义实现中尝试使用的catalina.jar。这是SEVERE我遇到的错误:
AuthenticatorBase
catalina.jar
SEVERE
10-Jan-2019 15:34:06.673 SEVERE [main] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample-DB]] ... Stacktrace info ... at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:441) Caused by: java.lang.ExceptionInInitializerError at org.apache.tomcat.util.digester.Digester.startDocument(Digester.java:1102) Caused by: java.lang.NullPointerException at java.nio.charset.Charset.put(Charset.java:538) ... Stacktrace ... 10-Jan-2019 15:34:06.688 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/fmac/deploy/sample.war] has finished in [11] ms 10-Jan-2019 15:34:06.689 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/fmac/deploy/sample-auth.war] 10-Jan-2019 15:34:06.692 SEVERE [main] org.apache.tomcat.util.digester.Digester.startElement Begin event threw error java.lang.NoClassDefFoundError: org/apache/catalina/authenticator/AuthenticatorBase ... Stacktrace The Error Below is the most confusing one. How can it not find this class? ... Caused by: java.lang.ClassNotFoundException: org.apache.catalina.authenticator.AuthenticatorBase at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ... Stacktrace ... 10-Jan-2019 15:34:13.823 SEVERE [https-jsse-nio2-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error processing request java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.buf.B2CConverter at org.apache.catalina.connector.CoyoteAdapter.convertURI(CoyoteAdapter.java:1072)
因此,我终于能够找出问题所在。我们有一个自定义的tomcat实现,其中一部分涉及在java命令中附加类路径。由于某种原因,某些正在使用的数据库驱动程序导致Tomcat无法在中找到任何库CATALINA_HOME/lib。我在Docker容器中运行,这是VM版本中的一些旧的残留物。我们最终只需要把那些驱动程序扔掉。
java
CATALINA_HOME/lib
不太确定为什么它们会完全覆盖基本lib/目录,但是至少在离开时会出现这些错误,并且我实际上能够使用我拥有的预建身份验证器,而不是微调此自定义身份验证器。
lib/
