Hi!
If I see correctly (after testing for it and browsing source extensively),
the 3.2 product line of Tomcat does not support the Digest authentication
scheme (RFC 2069). Could you confirm this? Also, please let me know if 3.3
or 4.0 support Digest.
In case they don't, I'm ready to provide an
Just wanted you to know: I've done with implementing Digest authentication
in Tomcat 3.2.1 code, will incorporate it into current 3.2.x latest code
from CVS. The funny thing is that so-called "mainstream" browsers (IE and
NN; tried many versions this afternoon) DO NOT support the Digest
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 2001. szeptember 7. 18:13
Subject: Re: Digest authentication in Tomcat?
Tomcat 4.0 already supports DIGEST, but only if the realm can return clear
text passwords. Designing a cheme to store the
a
webapplication. The idea is to reduce the pressure on the official
release, reduce the 'featurism', keep tomcat simple, etc.
I'll look into 3.3 architecture. Right now I have a proof-of-concept
implementation coded against 3.2.1 source.
Attila.
Costin
On Fri, 7 Sep 2001, Attila Szegedi wrote:
Hi
Ok, but that would still require some modifications in the JDBC realm, for
example, because it has the annoying habit to store H(password) ;-)
I was planning to add a mechanism a bit like you describe, but after 4.0.
Right, I had to touch existing realm code as well, since current realms
Maybe it's a bit late for this, however here it goes; incorporate it if you
like:
I've added support for DIGEST authentication scheme to Tomcat 3.3.
I was able to successfully test it with Opera 5.12 browser WHEN Tomcat
didn't return an Authentication-info header on successful authentication.
Been thinking about how could it be done completely orthogonal to the main
code (that is, as an independent module), but no matter how I look at it, I
can't figure how to acheive the same functionality without touching
AccessInterceptor and RealmBase. OTOH, The Digest* classes can be moved into
a
A quick look inside the source code of sun.security.provider.JavaKeyStore reveals the
following line in the getPreKeyedHash() method:
md.update(Mighty Aphrodite.getBytes(UTF8));
Background: They're storing a MD5 hash of the password in the keystore to ensure the
keystore was not tampered. To
Well I didn't want to bring this to the sunlight so soon but since you brought up the
issue:
I'm developing a generic non-blocking server framework for JDK 1.4.
It handles all subtleties of the non-blocking server's life, such as non-blocking
pipes for servlet output buffering, thread scaling
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: 2002. január 8. 16:35
Subject: Re: nbio connector
My primary goal for bringing the code in the public is that I want
to build a HTTP/1.1 connector for Tomcat 4.0 based on
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: 2002. január 8. 17:35
Subject: Re: nbio connector
I'm a bit sceptical about the usefulness of the thing, then, since reading
and parsing requests headers is by far the
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: 2002. január 8. 19:19
Subject: Re: nbio connector
I agree on both the points above.
Especially the first one actually, since you can avoid wasting a thread on
waiting,
- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: 2002. január 8. 20:35
Subject: Re: nbio connector
I'm not very sure about nbio - most of the time there's a lot
of complexity ( and a different programming model, etc ) - and
the
Why not just use defaults, and provide a way for an administrator to configure
additional reserved filenames. The administrator *SHOULD* know if there are additional
dos devices defined on the system...
Attila.
- Original Message -
From: Jim Seach [EMAIL PROTECTED]
To: Tomcat
Yes, after Mauricio brought to my attention the existence of a non-JDK NBIO package
few days ago. At this point in time my framework was almost complete. On the first
glance, the Sandstorm services platform part of the SEDA quite resembles my effort but
I'll have to also take a closer look.
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: 2002. január 8. 16:35
Subject: Re: nbio connector
, and could
use a helping hand here and there. In fact, I already have much of
the code for building the
practice I described in a published article, and I keep
getting posts from people that read the article complaining it's not working
in TC 4.x. (This worked perfectly in TC 3.2.x, btw.)
TIA,
Attila.
--
Attila Szegedi
home: http://www.szegedi.org
- Original Message -
From: Christopher
of the
process on the other end of the IPC. If you want to respond to process
termination situations, you'd rather use a console control handler (look
into the SetConsoleCtrlHandler friends API call).
--
Attila Szegedi
home: http://www.szegedi.org
- Original Message -
From: Ignacio J
18 matches
Mail list logo