Tomcat 9 - understanding CredentialHandler
It is common practice to store digested rather than plaintext passwords for Tomcat users, but in Tomcat 9 the way this is configured changed slightly. Take a look at this example.
-
Open a shell and create the digest with digest.sh, passing the CredentialHandler class that will later verify it:
>digest.sh -a sha-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler ************
-
Modify tomcat-users.xml and store the generated digest as the user's password:
<tomcat-users>
  <user name="admin"
        password="1256b3fd09cc0d114d3010d9bafc0e4d62c1348hc94d2319e197b0a457c580e$1$30f9ce17f3b9a508cd9bc49503901d5fc83851382c49da83c7d6dd02a6fc4c95"
        roles="manager-gui">
  </user>
</tomcat-users>
-
Modify server.xml and declare the CredentialHandler inside the Realm, using the same algorithm that was given to digest.sh in the first step:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
  <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                     algorithm="sha-256">
  </CredentialHandler>
</Realm>
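To make the three steps above concrete, here is an added Python example (not Tomcat's own code and not part of the original page) that models how a MessageDigestCredentialHandler value of the form salt$iterations$digest, like the one stored in tomcat-users.xml above, is produced and checked. The model is an assumption about Tomcat's behaviour: the digest is the hash of salt followed by the password, each extra iteration re-hashes the previous digest, a stored value without "$" is treated as a legacy unsalted digest, and the salt must decode as hex. The function names, the constructed salt and the sample password are all made up for the example.

```python
import hashlib
import hmac
import os

# Assumed model of Tomcat's MessageDigestCredentialHandler (not Tomcat's code):
#   stored = "<salt hex>$<iterations>$<digest hex>"
#   digest = H(salt || password), then (iterations - 1) rounds of digest = H(digest)
# A stored value with no "$" is a legacy unsalted, single-round digest of the password.


def _hashlib_name(algorithm):
    # Tomcat's attribute uses the JCA spelling ("sha-256"); hashlib wants "sha256".
    return algorithm.replace("-", "").lower()


def tomcat_md_digest(password, salt, iterations=1, algorithm="sha-256", encoding="utf-8"):
    """Return the salted stored-credential string in the digest.sh output format."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    name = _hashlib_name(algorithm)
    h = hashlib.new(name)
    h.update(salt)                       # salt bytes first ...
    h.update(password.encode(encoding))  # ... then the password bytes
    digest = h.digest()
    for _ in range(iterations - 1):      # further rounds hash the previous digest only
        digest = hashlib.new(name, digest).digest()
    return f"{salt.hex()}${iterations}${digest.hex()}"


def new_credential(password, algorithm="sha-256", salt_length=32, iterations=1):
    """Like `digest.sh -a <alg> -h ...MessageDigestCredentialHandler <pw>` with a random salt."""
    return tomcat_md_digest(password, os.urandom(salt_length), iterations, algorithm)


def verify(stored, password, algorithm="sha-256", encoding="utf-8"):
    """Check a password against a stored credential, salted or legacy unsalted.

    The algorithm must be the one declared on the CredentialHandler in server.xml;
    a mismatch simply yields a different digest and the check fails.
    """
    parts = stored.split("$")
    if len(parts) == 3:
        salt_hex, iter_str, _digest_hex = parts
        try:
            salt = bytes.fromhex(salt_hex)   # a non-hex character in the salt is a malformed entry
            iterations = int(iter_str)
        except ValueError:
            return False
        if iterations < 1:
            return False
        candidate = tomcat_md_digest(password, salt, iterations, algorithm, encoding)
        # hex case is irrelevant; compare in constant time
        return hmac.compare_digest(candidate.lower(), stored.lower())
    if len(parts) == 1:
        candidate = hashlib.new(_hashlib_name(algorithm), password.encode(encoding)).hexdigest()
        return hmac.compare_digest(candidate.lower(), stored.lower())
    return False


# Constructed sample: a fixed salt so the output is reproducible (a real entry uses os.urandom).
SAMPLE_SALT = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
SAMPLE_PASSWORD = "example-password"
SAMPLE_STORED = tomcat_md_digest(SAMPLE_PASSWORD, SAMPLE_SALT, iterations=1, algorithm="sha-256")


def demo():
    """Return (stored value, correct password accepted, wrong password rejected)."""
    return (SAMPLE_STORED,
            verify(SAMPLE_STORED, SAMPLE_PASSWORD),
            verify(SAMPLE_STORED, "not-the-password"))


if __name__ == "__main__":
    stored, ok, bad = demo()
    print("stored   :", stored)
    print("correct  :", ok)
    print("wrong    :", bad)
    print("random   :", new_credential("example-password"))
```

The value of SAMPLE_STORED has the same shape as the password attribute in tomcat-users.xml above: 64 hex characters of salt, "$1$" because digest.sh defaults to one iteration for this handler, then the 64 hex characters of a SHA-256 digest. Running verify with algorithm="sha-512" against a SHA-256 entry fails, which is why the algorithm attribute on the CredentialHandler must match what digest.sh was given.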