Thank you very much! I according to what you said it and solved the problem. I have modified CATALINA_HOME/conf/server.xml to :
<Context path="/sample" docBase="/home/coremail/tomcat/webapps_exp/sample"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" digest="MD5"/> </Realm> <Valve className="org.apache.catalina.authenticator.DigestAuthenticator" validateUri="false"/> </Context> Everything is all right,thanks again! 2017-06-01 ophusky 发件人:Mark Thomas <ma...@apache.org> 发送时间:2017-06-01 15:50 主题:Re: a question about Realm config 收件人:"Tomcat Users List"<users@tomcat.apache.org> 抄送: This time to the list... On 01/06/17 08:02, ophusky wrote: > Tomcat version:8.0.43.0 > Nginx version:openresty/1.11.2.2 > OS:CentOS Linux release 7.3.1611 (Core) > > I have already configure tomcat to use the DIGEST certification, > When I have direct access to Tomcat all normal, > http://192.168.122.130:8080/sample/test/test.html can trigger the > certification and passed. > But when I through the nginx proxy access, > http://192.168.122.130/tomcat/sample/test/test.html have a few > problems,can trigger the certification but can't passed ,repeated > authentication dialog. <snip/> > nginx.conf > > location ~ /tomcat/ { > rewrite ^/tomcat/(.*) /$1 break; > proxy_pass http://192.168.122.130:8080; > } > > Why cannot be accessed through the nginx and certified ? please help me > ,thanks! The request URL forms part of the DIGEST authentication process. By changing it in the reverse proxy, you are breaking the authentication process. You can disable the URI validation. See the validateUri attribute in http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Digest_Authenticator_Valve/Attributes Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org