Johnny Kewl wrote:
I dont think you can do what you want to...
I dont think you can use web based DIGEST authentication.
And then hide passwords in a MD5 digest as well.
Yes you can.
I think web based DIGEST authentication, MUST get at the plain text
password.
No.
That process has to be
Mark Thomas wrote:
Johnny Kewl wrote:
I dont think you can do what you want to...
I dont think you can use web based DIGEST authentication.
And then hide passwords in a MD5 digest as well.
Yes you can.
I think web based DIGEST authentication, MUST get at the plain text
password.
No.
zhongliang zhang wrote:
Hi,Mark,
I have to turn to you again.
I encounter the problem with configuring the Digested-Password in the
JDBCRealm.
The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as
followed:
Realm className=org.apache.catalina.realm.JDBCRealm
thanks very much for all your replying.
But I can not make it works.
I store the password in HexUtils.convert(byte[]) method to store the password
in my Oracle database.
And I configure the Tomcat JDBCRealm with the digest attribute.
And I do a test with MySQL database,for it is small and
Hi,
It still does not work.
Here is the trace:
I create the SHA1 password from the command prompt:
C:\tomcatjava org.apache.catalina.realm.RealmBase -a SHA1 zhangzhongl:JDBCRealm
:secret
zhangzhongl:JDBCRealm:secret:0743d07d727aae8864569cbcefb9ae788150e8b9
C:\tomcatjava
Thomas [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Sunday, November 04, 2007 8:24 PM
Subject: Re: [tomcat]How to decrypt the DIGEST authentication?
Mark Thomas wrote:
Johnny Kewl wrote:
I dont think you can do what you want to...
I dont think you can use web based DIGEST
zhang [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Monday, November 05, 2007 5:28 AM
Subject: RE: [tomcat]How to decrypt the DIGEST authentication?
Hi,
It still does not work.
Here is the trace:
I create the SHA1 password from the command prompt:
C:\tomcatjava
thanks for your replying.
Now It works if I specify the alg with MD5,but still does not work with SHA.
and I do not know what does the middle field of zhangzhongl:JDBCRealm:secret
means,that is,the JDBCRealm,is it a unchangeable part?I do not think so,for
the Tomcat docs give an example of
---
HARBOR: http://coolharbor.100free.com/index.htm
Now Tomcat is also a cool pojo application server
---
Just a note...
The way you are doing it,
Sent: Friday, November 02, 2007 3:14 AM
Subject: RE: [tomcat]How to decrypt the DIGEST authentication?
Hi,Mark,
I have to turn to you again.
I encounter the problem with configuring the Digested-Password in the
JDBCRealm.
The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown
zhongliang zhang wrote:
Thanks a lot.I think I got another way to solve the group hierarchical
problem,but I am not sure about it. maybe you can help me to confirm it:I
wrote the SQL as followed:create or replace view groupview asselect
usertable.username,
Thank you very much for all your reply.
I think because of the time-zone between us,while I am in China,we do not have
the same online time. so I replied late.
I will try that way to specify the digest element.
thanks a lot.
I do not know whether that feature works well with Tomcat 5.5,if so,I
Hi,Mark,
I have to turn to you again.
I encounter the problem with configuring the Digested-Password in the JDBCRealm.
The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as followed:
Realm className=org.apache.catalina.realm.JDBCRealm
driverName=com.mysql.jdbc.Driver
zhongliang zhang wrote:
But the application allows creating new group,how do I solve this problem?
What problem? You need to say what the problem is if we are going to be
able to help.
web.xml doesn't support the dynamic addition of new groups. Further, the
Realm doesn't understand the
, 31 Oct 2007 10:51:42 + From: [EMAIL PROTECTED] To:
users@tomcat.apache.org Subject: Re: [tomcat]How to decrypt the DIGEST
authentication? zhongliang zhang wrote: But the application allows
creating new group,how do I solve this problem? What problem? You need to
say what the problem
Hi,
Digest authentication involves multiple MD5s including the username,
password, url, realm, random data... Believe me when I tell you that
there is no way that you will get the password from the digest (in
fact, it was designed this way so this is not feasible.)
For your original
-0300 From: [EMAIL PROTECTED] To:
users@tomcat.apache.org Subject: Re: [tomcat]How to decrypt the DIGEST
authentication? Hi, Digest authentication involves multiple MD5s
including the username, password, url, realm, random data... Believe me when
I tell you that there is no way that you
zhongliang zhang wrote:
I checked the url that you supplied to me and expecially the JDBCRealm
part,for I have stored the username and password in a relational database.
So,what I need to do is:
1.build the users table and the roles table.
2.configure the org.apache.catalina.realm.JDBCRealm
Think about it the other way around. User types cleartext password,
tomcat's authentication digests it and then compares with what is on the
database. So when they change the password you need to capture the
password in cleartext, digest it yourself, then store it. You don't need
to decrypt it,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roger,
Roger Parkinson wrote:
Think about it the other way around. User types cleartext password,
tomcat's authentication digests it and then compares with what is on the
database.
They're talking about HTTP Auth, not Realms and stuff like that.
in the remote client with an
browser will be digested,and sent to the server side.
Is that right?
Date: Tue, 30 Oct 2007 18:33:08 -0400 From: [EMAIL PROTECTED] To:
users@tomcat.apache.org Subject: Re: [tomcat]How to decrypt the DIGEST
authentication? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
zhongliang zhang wrote:
Thanks a lot for everyone's reply.
I use the JDBCRealm and I store the users information and roles information
in the database,such as Oracle.
then in my application set the security part in the web.xml,which has an
auth-method with DIGEST.
So,the username and
zhongliang zhang wrote:
In the database(Oracle),the tables I used are usertable and grouptable,the
association table of them is groupmembertable:
usertable has columns of userid,username and password
grouptable has columns of groupid,groupname
groupmembertable has columns of groupid,userid
@tomcat.apache.org Subject: Re: [tomcat]How to decrypt the DIGEST
authentication? zhongliang zhang wrote: Thanks a lot for everyone's
reply. I use the JDBCRealm and I store the users information and roles
information in the database,such as Oracle. then in my application set the
security part
needs configuration,not coding?
thanks a lot for your patience!
Date: Wed, 31 Oct 2007 01:47:27 + From: [EMAIL PROTECTED] To:
users@tomcat.apache.org Subject: Re: [tomcat]How to decrypt the DIGEST
authentication? zhongliang zhang wrote: In the database(Oracle),the
tables I used
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
Mark Thomas wrote:
The special role * means all roles defined in your application,
not all authenticated users. You'll have to create an all users group,
assign it to every user and then use that in your web.xml
I think it is more precise
But the application allows creating new group,how do I solve this problem?
What problem? You need to say what the problem is if we are going to be able
to help.
Only the member of group administrators have access to the adminitrative
page,and other groups,like groupA,groupB,... the member
zhongliang zhang wrote:
thanks a lot.
In fact,I want just one group's user named Administrators can get access to
the administrative page,which can do some privileged operation.The common
users can get access to the common user page,they have limited privileged
operation.
So,should I
Hi,everyone,
I got a problem with the DIGEST authentication.
I configured my web.xml as followed:
security-constraint
web-resource-collection
web-resource-nameapp/web-resource-name
url-pattern/*/url-pattern
29 matches
Mail list logo