[
https://issues.apache.org/jira/browse/SHIRO-20?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13933591#comment-13933591
]
Sebastian Audet commented on SHIRO-20:
--------------------------------------
The primary issue with getting this done is finding the password. The reference
implementation in Spring Security simply looks up the password for a given
username, with an option for it being already hashed or not. Since it appears
Shiro is always assuming that there is a password for any given username being
sent, either the DigestFilter must be able to lookup the user's password, or
the filter must be able to forward the request to an appropriate Realm.
> Support HTTP Digest Authentication
> ----------------------------------
>
> Key: SHIRO-20
> URL: https://issues.apache.org/jira/browse/SHIRO-20
> Project: Shiro
> Issue Type: New Feature
> Reporter: Les Hazlewood
>
> Just as we support HTTP Basic Authentication via the
> BasicHttpAuthenticationFilter, we should also support HTTP Digest
> Authentication out of the box as well:
> http://en.wikipedia.org/wiki/Digest_access_authentication
--
This message was sent by Atlassian JIRA
(v6.2#6252)
