Re: Using RealmBase.Digest(...)
Mark Leone wrote: snip If you want to know what your default charset is, invoke getDigestEncoding(). Whatever value is returned is the charset you need all your users to use when they authenticate (or a charset that is compatible within the ranges of characters that the users will be entering). If they will be using other charsets, you should be able to determine what they're using from the Content-Type entity header field in the HTTP request message, and then set that charset value for your realm using setDigestEncoding(). The charset will be specified as a parameter value in the Content-Type field. For example, Content-Type: text/html; charset=ISO-8859-4 See section 14.17 of the HTTP spec; here's the link: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 Be aware that I did some testing of digest authentication and passwords that contained UTF-8 characters (random Arabic and Japanese as far as I recall) and I noticed that the browsers mangled the UTF-8 passwords during the generation of the digest and did so in an inconsistent manner. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using RealmBase.Digest(...)
1) If you have catalina.jar in the $CATALINA_HOME/server/lib/ directory, then it's only going to be available to the Tomcat server internal code, not to your web apps. If you want it to be available to Tomcat and your web apps, then you should put it in the $CATALINA_HOME/common/lib/ directory. You don't need to copy it- you can move it there- since that will make it available to Tomcat and all your web apps. 2) As stated in Footnote 19 of the HTTP/1.1 spec, the IANA Character Set Registry (Reynolds, J. and J. Postel, Assigned Numbers http://www.ietf.org/rfc/rfc1700.txt , STD 2, RFC 1700, October 1994.) is the authoritative listing of charset values. However, I noticed that the API for setDigestEncoding() says that the String charset parameter can be null to indicate the platform default character set. I suggest you give that a try when invoking Digest(). Pass it a null String value for the third parameter and see if it works. I think that what you're trying to match is the charset the client browsers will use when the users attempt to authenticate to the realm. If you want to know what your default charset is, invoke getDigestEncoding(). Whatever value is returned is the charset you need all your users to use when they authenticate (or a charset that is compatible within the ranges of characters that the users will be entering). If they will be using other charsets, you should be able to determine what they're using from the Content-Type entity header field in the HTTP request message, and then set that charset value for your realm using setDigestEncoding(). The charset will be specified as a parameter value in the Content-Type field. For example, Content-Type: text/html; charset=ISO-8859-4 See section 14.17 of the HTTP spec; here's the link: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 -Mark J Malcolm wrote: I'm writing an app to create user id/pw's in a db for use by realms. I've read the realm HOW-TO page. But I have two implementation questions: 1) the page says: To use either of the above techniques, the $CATALINA_HOME/server/lib/catalina.jar file will need to be on your class path to make the RealmBase class available. I'm doing this in a servlet. The way I typically make jar files avail to servlets is to put them in the WEB-INF/lib dir or in the Tomcat common lib. I don't think I should be making a copy of this jar or moving it around. How do I force a jar into a webapp's classpath? Is there a tag I can put in web.xml to set classpath or add jars? 2) There are three parameters on the Digest() method. The third parm is 'encoding'. What encoding should I be using? I assume it needs to match whatever encoding the realm code is going to use when it compares the digested password. What string do I use for this parm? Thanks. Jerry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Using RealmBase.Digest(...)
I'm writing an app to create user id/pw's in a db for use by realms. I've read the realm HOW-TO page. But I have two implementation questions: 1) the page says: To use either of the above techniques, the $CATALINA_HOME/server/lib/catalina.jar file will need to be on your class path to make the RealmBase class available. I'm doing this in a servlet. The way I typically make jar files avail to servlets is to put them in the WEB-INF/lib dir or in the Tomcat common lib. I don't think I should be making a copy of this jar or moving it around. How do I force a jar into a webapp's classpath? Is there a tag I can put in web.xml to set classpath or add jars? 2) There are three parameters on the Digest() method. The third parm is 'encoding'. What encoding should I be using? I assume it needs to match whatever encoding the realm code is going to use when it compares the digested password. What string do I use for this parm? Thanks. Jerry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
digested passwords: using RealmBase.Digest() in a jsp
Hi Folks, please help me out of this one... I´ve set up a tomcat with JDBC Realm Authentication and MD5 Digest. So far, it works fine, but I somehow don´t manage to use the Method org.apache.catalina.realm.RealmBase.Digest() in one of my JSPs. I need this Feature to let my Users change their passwords via web. This works well when implemented as Standalone Application. I just can´t import this class in my JSPs. The reason is that I can´t include catalina.jar in my classpath - tomcat won´t start when I do. Any Ideas ? Workarounds ? regards, Ralf __ Gesendet von Yahoo! Mail - http://mail.yahoo.de Sie brauchen mehr Speicher für Ihre E-Mails? - http://premiummail.yahoo.de -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: digested passwords: using RealmBase.Digest() in a jsp
Hi Ralph, Have you tried putting catalina.jar in common/lib/ or /java/jre/lib/ext/ or even WEB-INF/lib? I don't know if Tomcat can get by without it in tomcat/server/lib, but you may need to move it to prevent multiple class loading, but I doubt it. Rick - Original Message - From: Ralf Baumert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 02, 2002 5:09 AM Subject: digested passwords: using RealmBase.Digest() in a jsp Hi Folks, please help me out of this one... I´ve set up a tomcat with JDBC Realm Authentication and MD5 Digest. So far, it works fine, but I somehow don´t manage to use the Method org.apache.catalina.realm.RealmBase.Digest() in one of my JSPs. I need this Feature to let my Users change their passwords via web. This works well when implemented as Standalone Application. I just can´t import this class in my JSPs. The reason is that I can´t include catalina.jar in my classpath - tomcat won´t start when I do. Any Ideas ? Workarounds ? regards, Ralf -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]