Welcome to this hands-on lab for adding users to Tomcat 9 using Red Hat Enterprise 8. Apache’s Tomcat is a Java based application platform built around deploying and managing Java Web Applications.
This lab focuses on adding new users to an existing Tomcat environment. The server provided is Red Hat Enterprise 8, and has Tomcat 9 preinstalled for you (available on port **8080**).
You will log into the server and add a user that uses digest authentication to validate that the password is correct.
You will need to edit the `server.xml` file
Once you create the SHA-512 key, you will need to change the `tomcat-users.xml` file to make use of it.
Then you will need to confirm that everything works by logging into the server as that user.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Test to Ensure You Can Access the Preconfigured Tomcat Instance, Using the Server’s Public IP Address and Port 8080
It may take from 3 to 10 minutes after the hands-on lab has started before you can access the Tomcat server on Port 8080.
To access the server, visit the external IP address and test in a web browser on port 8080.
For example, if the IP address shown was 3.92.152.3 then you would put the following URL into your web browser:
http://3.92.152.3:8080.- Log into the Server Console to Perform the Required Tasks
Ensure you can log into the provided server.
- Change the Tomcat Server so It Uses Digest Authentication
Change to the
/usr/local/tomcat9folder and edit theconf/server.xml:Find the following lines:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm>Replace them with the this:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"> <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="sha-512" /> </Realm> </Realm>Save the file and exit.
- You Will Need to Create the SHA-512 Key with the Password of Your Choice
From the
tomcatfolder, run thebin/digestcommand with appropriate options:- If the password is PenguinTemp61 then the following command would generate the hash:
./bin/digest.sh -a sha-512 -h org.apache.catalina.realm.MessageDigestCredentialHandler PenGuinTemp88
Copy the generated hash to the clipboard. It will be used later.
NOTE: Your password will be echoed back to you as part of the returned response. Don’t copy the password or the
:, just the long string of numbers.- If the password is PenguinTemp61 then the following command would generate the hash:
- You Will Need to Change the tomcat-users.xml File to Make Use of the Password Hash You Generated
Edit the
conf/tomcat-users.xmlfile and replace the plain text password with the hash you copied earlier.Be careful to only replace the old password that’s inside the quotes (
""). Leave the rest of the entry as is. If you have problems logging into the GUI after the change then check to make sure the formatting of that line of user information is correct.Since changes were made to the
server.xmlyou will need to restart the Tomcat server:sudo systemctl restart tomcat- Test That the New User Works by Using It to Log into the Server
Go to the Tomcat server in your web browser by going to the public IP address of the server and appending :8080 to it.
Then go to the Manager App in the GUI. You should get a username and password prompt. Enter the username and password.
You should be able to log in.
If you are unable to log in. Troubleshoot the changes that were made.
