如何解決Tomcat警告：試圖驗證鎖定的用戶？

Question

我正在使用Tomcat 7進行Spring和JPA Application，數據庫MySQL。 一切正常，但有時會出現realm.LockOutRealm驗證問題。我還使用連接池在我的應用程序，如：

的persistence.xml：

<properties> 
     <property name="hibernate.connection.username" value="---"/> 
     <property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver"/> 
     <property name="hibernate.connection.password" value="----------"/> 
     <property name="hibernate.connection.url" value="jdbc:mysql://----------?autoReconnect=true"/> 
     <!--Connection Pooling c3p0 configuration--> 
     <!--Minimum number of JDBC connections in the pool. Hibernate default: 1--> 
     <property name="hibernate.c3p0.min_size" value="5"/> 
     <!--Maximum number of JDBC connections in the pool. Hibernate default: 100--> 
     <property name="hibernate.c3p0.max_size" value="20"/> 
     <!--When an idle connection is removed from the pool (in second). Hibernate default: 0, never expire.--> 
     <property name="hibernate.c3p0.timeout" value="300"/> 
     <!--Number of prepared statements will be cached. Increase performance. Hibernate default: 0 , caching is disable.--> 
     <property name="hibernate.c3p0.max_statements" value="50"/> 
     <!--idle time in seconds before a connection is automatically validated. Hibernate default: 0--> 
     <property name="hibernate.c3p0.idle_test_period" value="300"/> 
</properties> 

和server.xml中境界的樣子：

<!-- Use the LockOutRealm to prevent attempts to guess user passwords 
      via a brute-force attack --> 
     <Realm className="org.apache.catalina.realm.LockOutRealm"> 
     <!-- This Realm uses the UserDatabase configured in the global JNDI 
      resources under the key "UserDatabase". Any edits 
      that are performed against this UserDatabase are immediately 
      available for use by the Realm. --> 
     <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
       resourceName="UserDatabase"/> 
     </Realm> 

     <Host name="localhost" appBase="webapps" 
      unpackWARs="true" autoDeploy="true"> 

     <!-- SingleSignOn valve, share authentication between web applications 
      Documentation at: /docs/config/valve.html --> 
     <!-- 
     <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> 
     --> 

我上搜索網，但無法找到解決方案。是否有任何關於蠻力攻擊的問題，以及是否有解決這個問題的方案。

錯誤日誌中Catelina.out是：

Mar 02, 2013 3:28:34 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "tomcat" 
Mar 02, 2013 3:29:49 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "tomcat" 
Mar 02, 2013 3:31:04 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "tomcat" 
Mar 02, 2013 3:37:25 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "admin" 
Mar 02, 2013 3:38:47 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "admin" 
Mar 02, 2013 3:39:58 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "admin" 
Mar 02, 2013 3:46:31 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "coyote" 
Mar 02, 2013 3:52:49 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "manager" 
Mar 02, 2013 3:59:03 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "administrator" 
Mar 02, 2013 4:06:38 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:07:52 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:09:17 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:10:35 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:11:47 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:13:02 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:14:17 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 
Mar 02, 2013 4:15:34 PM org.apache.catalina.realm.LockOutRealm authenticate 
WARNING: An attempt was made to authenticate the locked user "root" 

> Hibernate: select 

---------------------------------- 
javax.persistence.PersistenceException: 
org.hibernate.exception.JDBCConnectionException: could not execute query 

(DelegatingConstructorAccessorImpl.java:45) 
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525) 
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:409) 
    at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1118) 
    at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:3321) 
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1940) 
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113) 
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568) 
    at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2113) 
    at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2275) 
    at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeQuery(NewProxyPreparedStatement.java:116) 
    at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java:186) 
    at org.hibernate.loader.Loader.getResultSet(Loader.java:1787) 
    at org.hibernate.loader.Loader.doQuery(Loader.java:674) 
    at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:236) 
    at org.hibernate.loader.Loader.doList(Loader.java:2220) 
    ... 39 more 
Caused by: java.net.SocketException: Broken pipe 

Answer 1

上面的警告意味着你無法給用戶tomcat的多次驗證。 Tomcat懷疑這是對用戶tomcat的蠻力攻擊。

你在你的應用程序中使用了什麼認證？在應用程序的web.xml中使用什麼登錄配置？

resourceName「UserDatabase」的默認配置是文件conf/tomcat-users.xml。 您是否更改了resourceName「UserDatabase」的配置？

你可以找到的server.xml文件資源UserDatabase的配置：

<Resource name="UserDatabase" auth="Container" 
       type="org.apache.catalina.UserDatabase" 
       description="User database that can be updated and saved" 
       factory="org.apache.catalina.users.MemoryUserDatabaseFactory" 
       pathname="conf/tomcat-users.xml" /> 

默認情況下，所有用戶評論。 爲了能夠與XML文件中的用戶一起工作，您應該取消註釋。然後，您將能夠與用戶的tomcat登錄：

<tomcat-users> 
    <role rolename="tomcat"/> 
    <user username="tomcat" password="tomcat" roles="tomcat"/> 
</tomcat-users> 

最好的問候，

邁克爾

Answer 2

_{（對16K遊人到此頁：}

由於這是上所以我會假設讀者是開發者。）

這個錯誤在指示您有腳本/用戶嘗試使用不正確的用戶/密碼登錄。解決這個問題很簡單，只需將正確的用戶/密碼對添加到文件ApacheTomcat\conf\tomcat-users.xml和重新啓動服務器。

另外請確保您已正確設置角色。例如。在server.xml中 沒有變化由我：如果你發送基本的HTTP認證請求localhost:8080/manager，您將需要manager-gui作用：

<?xml version='1.0' encoding='utf-8'?> 
<tomcat-users> 
    <role rolename="manager-gui"/> 
    <user username="foobar" password="foobar" roles="tomcat,role1, manager-gui "/> 
</tomcat-users>