You could probably implement your own authenticator, possibly just
subclassing the JdbcAuthenticator (see below), then use that
authenticator in resin-web.xml.
I myself wrote a "patch" for a Tomcat only webapp, that contains this
plus dummy implementations of Tomcat classes/interfaces like
org.apache.catalina.Container, Engine, Host, Realm, Server.
Maybe this code suites your needs too:
public class MyJdbcAuthenticator extends JdbcAuthenticator {
public MyJdbcAuthenticator() {
super.setPasswordDigestRealm(null);
}
public String getPasswordDigest(HttpServletRequest request,
HttpServletResponse response, ServletContext app, String user, String
password) throws ServletException {
return super.getPasswordDigest(request, response, app, null, password);
}
public String getPasswordDigest(String password) throws ServletException {
return super.getPasswordDigest(null, null, null, null, password);
}
}
/Mattias
Daniel Lopez wrote:
> Hi all,
>
> Long story short: I started consulting in a company that is developing
> a product using Tomcat. They want to be able to run the application in
> different containers to make sure they are spec compliant and all, so
> I suggested Resin as an alternative.
>
> I've been able to configure the datasources, massage the web.xml to be
> more compliant etc. but now I came across a problem I'm not sure how
> easy it is to solve: the authenticator.
>
> Both containers have an implementation of a typical jdbc
> authenticator... but for a tiny detail: Resin uses
> username+realm+password for the digest and Tomcat uses just the
> password, hence the digests do not match and all password are
> considered wrong in one of the containers.
>
> The passwords in use are already stored like that and changing them
> would not really solve the problem but move it to the Tomcat side.
>
> I don't use container based authentication in my own applications for
> this very reason, but they are using it and I thought that might not
> be an uncommon problem so... is there any way to configure
> com.caucho.server.security.JdbcAuthenticator to use just the password
> for the digests?
>
> Cheers!
> D.
_______________________________________________
resin-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/resin-interest
