Hi all,

Long story short: I started consulting in a company that is developing  
a product using Tomcat. They want to be able to run the application in  
different containers to make sure they are spec compliant and all, so  
I suggested Resin as an alternative.

I've been able to configure the datasources, massage the web.xml to be  
more compliant etc. but now I came across a problem I'm not sure how  
easy it is to solve: the authenticator.

Both containers have an implementation of a typical jdbc  
authenticator... but for a tiny detail: Resin uses  
username+realm+password for the digest and Tomcat uses just the  
password, hence the digests do not match and all password are  
considered wrong in one of the containers.

  The passwords in use are already stored like that and changing them  
would not really solve the problem but move it to the Tomcat side.

I don't use container based authentication in my own applications for  
this very reason, but they are using it and I thought that might not  
be an uncommon problem so... is there any way to configure  
com.caucho.server.security.JdbcAuthenticator to use just the password  
for the digests?



resin-interest mailing list

Reply via email to