[ http://issues.apache.org/jira/browse/GERONIMO-1880?page=all ]
Aaron Mulder updated GERONIMO-1880:
-----------------------------------

    Fix Version/s: 1.2

> To Allow configurable password digests during REALM Deployment.
> ---------------------------------------------------------------
>
>                 Key: GERONIMO-1880
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-1880
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues)
>          Components: security
>    Affects Versions: 1.1
>         Environment: Geronimo1.1
>            Reporter: Phani Balaji Madgula
>             Fix For: 1.2
>
>
> Hi,
> I observed REALM deployments in TOMCAT, I feel to have same kind of
> flexibility in specifying password DIGESTs for realms. Tomcat allows password
> DIGEST to be specified while declaring REALM in server.xml.
>
> <GlobalNamingResources>
>   <Resource name="PhaniUserDatabase" auth="Container"
>             type="org.apache.catalina.UserDatabase"
>             description="User database that can be updated and saved"
>             factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>             pathname="conf/tomcat-users-1.xml" />
> </GlobalNamingResources>
> <Engine name="Catalina" defaultHost="localhost">
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>          resourceName="UserDatabase"/>
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>          resourceName="PhaniUserDatabase" digest="MD5"/>
> </Engine>
>
> Now, user can store MD5 digested passwords for the users in
> tomcat-users-1.xml file as follows.
>
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="role2"/>
>   <role rolename="role4"/>
>   <role rolename="role1"/>
>   <role rolename="role3"/>
>   <user username="nag" password="9fdc8b3f3027472d64e26a8e88fa2727"
>         roles="role3,role4"/>
>   <user username="phani" password="c49f410c89f1031f816031ba60215f50"
>         roles="role1,role2"/>
>   <user username="balaji" password="e75c1a66ae406db7d2f451b216b10664"
>         roles="role3,role4"/>
> </tomcat-users>
>
> If user accesses any web application that declared security constraints with
> role1,role2,role3,role4, Tomcat will challenge the user for authentication
> where the user needs to specify userid and clear text password. Tomcat will
> digest the supplied password and compare it with what is specified in the
> file.
> Can we have same kind of feature in Geronimo also? That is, to specify DIGEST
> in REALM deployment plan.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
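
The check described in the issue above (digest the supplied clear-text password with the realm's configured algorithm, then compare it with the stored value), as an added Java example that is not part of the original message and is not Tomcat or Geronimo code. The class name `DigestRealmCheck`, the sample user and the UTF-8 password encoding are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

/** Added illustration (hypothetical class); not Tomcat or Geronimo source code. */
public class DigestRealmCheck {
    private final String algorithm;  // value of the realm's digest attribute, e.g. "MD5"
    private final Map<String, String> stored = new HashMap<>();  // username -> hex digest

    public DigestRealmCheck(String algorithm) throws NoSuchAlgorithmException {
        MessageDigest.getInstance(algorithm);  // reject an unknown algorithm when the realm is set up
        this.algorithm = algorithm;
    }

    /** Hex-encode the digest of a clear-text password, the form kept in the users file. */
    public String digest(String clearText) throws NoSuchAlgorithmException {
        byte[] raw = MessageDigest.getInstance(algorithm)
                .digest(clearText.getBytes(StandardCharsets.UTF_8));  // encoding is an assumption
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public void addUser(String username, String hexDigest) {
        stored.put(username, hexDigest.toLowerCase());
    }

    /** Digest the supplied password and compare it with the stored value. */
    public boolean authenticate(String username, String suppliedPassword)
            throws NoSuchAlgorithmException {
        String expected = stored.get(username);
        if (expected == null || suppliedPassword == null) {
            return false;  // unknown user or missing credential
        }
        byte[] a = expected.getBytes(StandardCharsets.US_ASCII);
        byte[] b = digest(suppliedPassword).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);  // comparison without an early exit on first mismatch
    }

    public static void main(String[] args) throws Exception {
        DigestRealmCheck realm = new DigestRealmCheck("MD5");
        // Constructed sample user; the password is not taken from the issue.
        realm.addUser("alice", realm.digest("constructed-password"));
        System.out.println(realm.authenticate("alice", "constructed-password"));
        System.out.println(realm.authenticate("alice", "wrong-password"));
        System.out.println(realm.authenticate("nobody", "constructed-password"));
    }
}
```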