A good place to learn how to use digest authentication
Hi, I'm trying to use Digest authentication with an AXIS web service hosted on Tomcat 5.0.28. The problem is in setting up Digest authentication for Tomcat. I did as was written in the HOW-TO, setting up a JDBC realm, and I tried to connect to the URL configured on the secure realm from IE 6.0. Presto, whatever I tried I always got 401. Once I changed authentication back to basic, things started working; when I change them back to Digest I start getting 401. Is there some place where I could get an exact description of setting up Digest authentication in Tomcat? Please help. Regards, Chandan
Re: A good place to learn how to use digest authentication
http://www.devx.com/DevX/Article/21911
Re: A good place to learn how to use digest authentication
On 9/15/05, bachoo jahnkar [EMAIL PROTECTED] wrote: I'm trying to use Digest authentication with an AXIS web service hosted on ... connect the URL configured on the secure realm from IE 6.0. Presto whatever I tried I always got 401. Once I changed authentication back to basic, things started working, when I change them back to Digest I start getting 401.

I think this is an old problem with IE and digest auth: http://www.eweek.com/article2/0,1895,1500432,00.asp Jim

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
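Added example, not part of any post in this thread: when BASIC works and DIGEST returns 401, one thing worth checking on the server side is the form of the stored credential. The sketch below recomputes the RFC 2617 response for a constructed header (the RFC's own sample values) and shows that a realm can validate it from the cleartext password or from MD5(username:realm:password), but never from MD5(password). All function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample: the Authorization header from the RFC 2617 worked example
# (user "Mufasa", password "Circle Of Life"), not traffic from the thread.
SAMPLE_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')
_REQUIRED = ("username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response")


def md5_hex(text):
    """Lowercase hex MD5 of a UTF-8 string."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_digest_header(value):
    """Split a Digest Authorization header value into a dict of its fields."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    fields = {key: quoted or token for key, quoted, token in _PAIR.findall(params)}
    missing = [name for name in _REQUIRED if name not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return fields


def plain_digest(password):
    """MD5 of the password alone (assumed to be what an `-a MD5 <password>`
    style command yields). Fine for BASIC/FORM, useless for DIGEST."""
    return md5_hex(password)


def ha1(username, realm, password):
    """RFC 2617 HA1: the only digested form a DIGEST realm can verify against."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, auth):
    """Expected response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{auth['uri']}")
    return md5_hex(
        f"{ha1_hex}:{auth['nonce']}:{auth['nc']}:{auth['cnonce']}:{auth['qop']}:{ha2}"
    )


def server_accepts(auth, method, stored, stored_is_digested):
    """Model of the realm check: True means 200, False means 401."""
    if stored_is_digested:
        candidate_ha1 = stored  # server has to trust the stored hash as HA1
    else:
        candidate_ha1 = ha1(auth["username"], auth["realm"], stored)
    expected = digest_response(candidate_ha1, method, auth)
    return hmac.compare_digest(expected, auth["response"])


def evaluate(header=SAMPLE_HEADER, password="Circle Of Life", method="GET"):
    """Run the three storage variants against the same client response."""
    auth = parse_digest_header(header)
    return {
        "cleartext": server_accepts(auth, method, password, False),
        "md5(user:realm:password)": server_accepts(
            auth, method, ha1(auth["username"], auth["realm"], password), True
        ),
        "md5(password)": server_accepts(auth, method, plain_digest(password), True),
    }


if __name__ == "__main__":
    for storage, ok in evaluate().items():
        print(f"{storage:26s} -> {'200' if ok else '401'}")
```

The realm string hashed into the stored value has to match the realm the server sends in its challenge, since it is part of HA1.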
Re: tomcat-user Digest 11 Sep 2005 15:29:19 -0000 Issue 5872
Hi- You might investigate using the include directive: <%@ include file="..." %> instead of the include action. -Terence M. Bandoian

[EMAIL PROTECTED] wrote: Hi, I am using Jasper coming with tomcat 4.1.31 for precompilation of some jsps. It generates empty-element tags where generation of a start-tag followed by an immediate end-tag would be needed/preferred. For example there are includes like: <jsp:include page="includes/scripts.jsp"/> where scripts.jsp contains lines like <script type="text/javascript" src="lib/whatever.js"> </script>. Precompiled jsps output these in their shortened form: <script type="text/javascript" src="lib/whatever.js"/>. How do I tune that behaviour - jasper options, jsps themselves, xml parser? Thanks, Taimo
replying to msgs in digest
If I subscribe only to tomcat-user Digest, how can I send a follow-up to a particular msg? Paul Singleton
Re: tomcat-user Digest 16 May 2005 21:06:57 -0000 Issue 5633
Hi Peter, You're a stunner. Thanks very much... your fix works. The file is printed out nicely and multiple restarts don't mess it up. Thanks, Ankit

[EMAIL PROTECTED] 05/16/2005 05:06 PM Please respond to Tomcat Users List [EMAIL PROTECTED] To tomcat-user@jakarta.apache.org cc Subject tomcat-user Digest 16 May 2005 21:06:57 - Issue 5633

- Message from Peter Rossbach [EMAIL PROTECTED] on Mon, 16 May 2005 20:23:43 +0200 - To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: Admin Application messes up HTTPS Connectors in server.xml

Hey Ankit, I found the bug and hope you can test my fix at cvs head. Thanks Peter

Ankit Shah wrote:

Hi Peter, Thanks for your response. I double-checked to make sure that secure="true" is present. Also, the admin app does write out that attribute. It is indeed the missing sslProtocol attribute that's the root of all problems. Here are the 2 connector elements from configs:

Configured Manually. Works fine:

<Connector port="1443" maxThreads="15" minSpareThreads="5" maxSpareThreads="10" enableLookups="false" disableUploadTimeout="true" maxKeepAliveRequests="1" acceptCount="10" debug="0" scheme="https" secure="true" keystorePass="mypassword" keystoreFile="c:\path\to\certificate\file" clientAuth="false" sslProtocol="TLS" />

Saved by Admin App: Breaks

<Connector port="1443" scheme="https" secure="true" keystoreFile="c:\path\to\certificate\file" keystorePass="mypassword" maxSpareThreads="10" debug="0" maxThreads="15" maxKeepAliveRequests="1" minSpareThreads="5" clientAuth="false" acceptCount="10" />

To fix the above so that it works:

<Connector port="1443" scheme="https" secure="true" keystoreFile="c:\path\to\certificate\file" keystorePass="mypassword" maxSpareThreads="10" debug="0" maxThreads="15" maxKeepAliveRequests="1" minSpareThreads="5" clientAuth="false" acceptCount="10" sslProtocol="TLS" />

Note that secure="true" is printed out by the admin app. I have been investigating the source code to track the file that is doing the job of saving the connector configuration to disk. It should be one of the files belonging to the storeconfig.jar classes. As a stop-gap arrangement I might tweak the code to force printing that attribute and override all checks for just that attribute. (Messy ... but it will work until a more thorough investigation is done. Everyone knows how deadlines go ... ;) ) Thanks again, Ankit

[EMAIL PROTECTED] 05/15/2005 06:55 PM Please respond to Tomcat Users List [EMAIL PROTECTED] To tomcat-user@jakarta.apache.org cc Subject tomcat-user Digest 15 May 2005 22:55:08 - Issue 5626

Message from Peter Rossbach [EMAIL PROTECTED] on Sun, 15 May 2005 20:16:01 +0200 - To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: Admin Application messes up HTTPS Connectors in server.xml

Hey Ankit, can it be that you forgot the secure="true" attribute at your https connector? I had a look inside the Http11Protocol code and found this:

public void setProtocol( String k ) {
    setSecure(true);
    setAttribute("protocol", k);
}

The sslProtocol="TLS" is the default and the StoreConfig handler deletes all defaults before saving. This is really a bad side effect, but with the correct secure attribute setting it works for me! This https config is also documented at: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html If the problem still exists, please send your working and breaking Connector element config from server.xml. Thanks Peter

Ankit Shah wrote:

Hi, The Tomcat admin utility doesn't save the HTTPS connectors properly. It misses out the 'sslProtocol' attribute and this results in the failed connector. Does anyone have a fix around this? The following is the current state of our server: Tomcat 5.5.9 with 1.4.2 compatibility add-on. JRE version 1.4.2_05

My Tests and results: About certificates: We are using our own keytool generated unsigned certificates. Every time I point firefox to the admin app, it will present the certificate for my approval. I temporarily accept the certificate for my session.

1. Install tomcat, configure an HTTPS connector. Run the admin app and change a parameter (acceptCount in my case: raised it from 8 to 10) and click Save and then Commit Changes. Restart tomcat. Restart Firefox. Pointing the browser to the admin app homepage will not load anything. No Certificate presented!!

2. Manually did a diff on server.xml and server.xml.backup. The difference is the missing 'sslProtocol' attribute. The docs say this attribute is optional, but that doesn't seem like the case. Added the attribute manually: sslProtocol="TLS". Restart Tomcat. Restart Firefox. Certificate presented. Admin App Homepage Loaded.

3. By seeing the server.xml
Re: tomcat-user Digest 12 May 2005 01:34:48 -0000 Issue 5616
Hi Mark, My jar file is placed in $CATALINA_HOME/server/lib/ Here is the slice of my server.xml:

<Service name="Service-name">
  <Engine defaultHost="localhost" name="Catalina">
    <Realm className="my.realm.classname" datasource="datasourcename" ... other attributes/>
    <Host docbase="webapps" name="localhost"/>
  </Engine>
</Service>

Thanks, Ankit

[EMAIL PROTECTED] 05/11/2005 09:34 PM Please respond to Tomcat Users List [EMAIL PROTECTED] To tomcat-user@jakarta.apache.org cc Subject tomcat-user Digest 12 May 2005 01:34:48 - Issue 5616

Topics (messages 126492 through 126521): Re: Issues with Custom Realm in Tomcat 5.5 126492 by: Mark Thomas

- Message from Mark Thomas [EMAIL PROTECTED] on Wed, 11 May 2005 19:08:15 +0100 - To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: Issues with Custom Realm in Tomcat 5.5

Where are you placing the .jar/.class files for your custom realm? At what level in server.xml is your realm configured? Mark

Ankit Shah wrote:

Hi everyone, I hope someone can help us with this problem. Current Tomcat settings: Release in use: 5.5.9 along with 1.4.2 compatibility add-on. Logging using Log4J. JRE version: 1.4.2_05

We have written our own custom realm that essentially extends the standard DataSource Realm. However, we are unable to authenticate users of Tomcat's admin and manager application using our Realm. When setting the Log4J logging level to Debug, we discovered the following:

1. The Realm is loaded into the MBean Manager. We see a message 'MBean successfully registered' for our Realm.

2. When the admin user is being validated, the log messages say 'ClassLoader error: class not found', and authentication fails. I am not sure whether it failed to load our Realm (shouldn't happen since it is already registered with MBean) or something else went missing.

We CAN perform authentication using the MemoryRealm that's configured by default. What makes this problem even more strange is that our Realm worked successfully with Tomcat 5.5.7. If anyone has ANY suggestions as to where we can investigate this problem, please do respond. Thanks in advance. Ankit
Re: tomcat-user Digest 30 Apr 2005 13:34:46 -0000 Issue 5590
Thanks for that piece of information, but you missed the part of my message that said it also failed the same way if I just configured for mod_jk. Here is the tail of the build with: ./configure --with-apxs=/local/APACHE/Apache2/bin/apxs /bin/bash /local/APACHE/Apache2/build/libtool --silent --mode=compile gcc -I/local/APACHE/Apache2/include -g -O2 -DUSE_APACHE_MD5 -I ../common -I /a2/JAVA/java/include -I /a2/JAVA/java/include/unix -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -g -O2 -pthreads -DHAVE_APR -I/a4/APACHE/httpd-2.0.54/srclib/apr/include -g -O2 -g -O2 -pthreads -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -c mod_jk.c /bin/bash /local/APACHE/Apache2/build/libtool --silent --mode=link gcc -I/local/APACHE/Apache2/include -g -O2 -DUSE_APACHE_MD5 -I ../common -I /a2/JAVA/java/include -I /a2/JAVA/java/include/unix -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -g -O2 -pthreads -DHAVE_APR -I/a4/APACHE/httpd-2.0.54/srclib/apr/include -g -O2 -g -O2 -pthreads -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT `/local/APACHE/Apache2/bin/apxs -q LDFLAGS` -o mod_jk.la -module -rpath /local/APACHE/Apache2/modules -avoid-version mod_jk.lo ../common/jk_ajp12_worker.lo ../common/jk_connect.lo ../common/jk_msg_buff.lo ../common/jk_util.lo ../common/jk_ajp13.lo ../common/jk_pool.lo ../common/jk_worker.lo ../common/jk_ajp13_worker.lo ../common/jk_lb_worker.lo ../common/jk_sockbuf.lo ../common/jk_map.lo ../common/jk_uri_worker_map.lo ../common/jk_ajp14.lo ../common/jk_ajp14_worker.lo ../common/jk_md5.lo ../common/jk_shm.lo ../common/jk_ajp_common.lo ../common/jk_context.lo ../common/jk_status.lo /bin/bash /local/APACHE/Apache2/build/libtool --silent --mode=install cp `pwd`/mod_jk.so libtool: install: you must specify a destination Try `libtool --help --mode=install' for more information. 
*** Error code 1 make: Fatal error: Command failed for target `mod_jk.so' Current working directory /a4/TOMCAT/jakarta-tomcat-connectors-1.2.11-src/jk/native/apache-2.0 *** Error code 1 make: Fatal error: Command failed for target `all-recursive'

Date: Fri, 29 Apr 2005 21:00:50 +0200 From: Mladen Turk [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: mod_jk 1.2.11 build failure on solaris 2.8

J. W. Ballantine wrote: I'm trying to build mod_jk 1.2.11 on a solaris 2.8 system and it fails with: The configuration command is: ./configure --with-apxs=/local/APACHE/Apache2/bin/apxs --enable-jni --with-java-home=/a2/JAVA/java --with-java-platform=2

jni will not work anyhow on any unix system. It can work in theory only for WIN32 on Netware, so just use: ./configure --with-apxs=/local/APACHE/Apache2/bin/apxs Regards, Mladen.
Re: tomcat-user Digest 30 Apr 2005 13:34:46 -0000 Issue 5590
Dear Sir or Madam: I am Judge Dean M. Trafelet and your emails are erroneously and improperly being sent to my email address. Notice is hereby given that you are to immediately remove me from your emailing. DMT
RES: RES: How can I create a digest password - digest.bat is the key!
Thank you... My English is not so good...but what I'd like to say is that if these admins and webadmins guys are editing the configuration files and typing the passwords as they are...it's easier for an internal observer racker. If the pass would be encrypted it would be 'a little' more difficult...

-Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 00:58 To: Tomcat Users List Subject: Re: RES: How can I create a digest password - digest.bat is the key!

Dejavu In a properly configured system, if the attacker can read the server.xml or context element then he has OWNED your system and has free reign. If secured on windows then only two groups should have access, admins and the webadmins. If either of those have been compromised you got big issues. What exactly do you mean by watch clean passwords? Doug

- Original Message - From: Paulo Alvim [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, April 13, 2005 7:00 PM Subject: RES: RES: How can I create a digest password - digest.bat is the key!

Ok, thank you, I didn't think that it would be the only solution...but it would make things a little more difficult and our customers don't like the idea of to watch clean passwords because they don't do it to create Windows Services or Oracle users. We know that these softwares have proprietary databases to store that pass - but I was wondering what could be done in the Tomcat Open-Source context...do you think that the only approach would be to protect the folders/files - file system level security? What are you guys doing?

-Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 13, 2005 18:16 To: Tomcat Users List Subject: Re: RES: How can I create a digest password - digest.bat is the key!

Paulo, I am pretty sure this won't work. Tomcat can't calculate the real password (required by the database) from the hash. The key feature of a hash is its one way nature. Also, if Tomcat could get the password from the hash so could any attacker. Mark

Paulo Alvim wrote:

Lorenzo, Are you using the DBCP JDBC connection pooling (with that configuration files in the conf/catalina/localhost)? We'd like to know if your approach could be used to change the JDBC pool configuration files from:

<ResourceParams name="jdbc/jcompanyadmseg">
  <parameter> <name>driverClassName</name> <value>oracle.jdbc.driver.OracleDriver</value> </parameter>
  <parameter> <name>url</name> <value>jdbc:oracle:thin:@x:1521:oraplcdb</value> </parameter>
  <parameter> <name>username</name> <value>demo3</value> </parameter>
  <parameter> <name>password</name> <value>mypass</value> </parameter>
  (...)
</ResourceParams>

...to something like (pass encrypted):

<ResourceParams name="jdbc/jcompanyadmseg">
  <parameter> <name>driverClassName</name> <value>oracle.jdbc.driver.OracleDriver</value> </parameter>
  <parameter> <name>url</name> <value>jdbc:oracle:thin:@x:1521:oraplcdb</value> </parameter>
  <parameter> <name>username</name> <value>demo3</value> </parameter>
  <parameter> <name>password</name> <value>%$#I(#)$</value> </parameter>
  (...)
</ResourceParams>
How can I create a digest password
Hi, I need help to generate encrypted passwords. Using the Tomcat 5's documentation:

C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd

And this is the error message:

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/catalina/realm/RealmBase

I also checked the classpath, and Catalina.jar is in it. I even tried being positioned on catalina's directory. Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07. Thank you very much! Lorenzo

If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or send this message to anyone, please notify to [EMAIL PROTECTED] Click here for important additional terms relating to this e-mail. http://www.nacion.com/disclaimer/index_en2.htm
SV: How can I create a digest password
I created the following bash-script in Linux:

#===
# Prompt for a password and print its SHA digest using Tomcat's RealmBase
echo -e "Enter password to encode: "
read -r password
"$JAVA_HOME/bin/java" -classpath "$CATALINA_HOME/server/lib/catalina.jar" org.apache.catalina.realm.RealmBase -a SHA "$password"
#===

In windows, the following works:

java -classpath D:\project\tdk-2.3_01\server\lib\catalina.jar org.apache.catalina.realm.RealmBase -a SHA mypassword

/Martin
RE: How can I create a digest password
The problem you are hitting is due to the location of the jar file in the default tomcat install. You can move the jar file into the lib\common area. Frankly, I think it's much cleaner to just copy the code to create pw's into one of your own classes. It's only a few lines of code. Just find the realmbase class in the Tomcat source and clone the method. Jerry
RE: How can I create a digest password - another error
Dear Jerry: Thanks for the advice. I followed your advice but it did not work. I used this:

C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar org.apache.catalina.realm.RealmBase -a MD5 admin

And I got this error:

Exception in thread "main" java.lang.NoClassDefFoundError: javax/management/MBeanRegistration
 at java.lang.ClassLoader.defineClass0(Native Method)
 at java.lang.ClassLoader.defineClass(Unknown Source)
 at java.security.SecureClassLoader.defineClass(Unknown Source)
 at java.net.URLClassLoader.defineClass(Unknown Source)
 at java.net.URLClassLoader.access$100(Unknown Source)
 at java.net.URLClassLoader$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.net.URLClassLoader.findClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClassInternal(Unknown Source)

Thanks again, Lorenzo
RES: How can I create a digest password - another error
Hi, I don't know if it's your objective but is it possible to use MD5 to encode passwords in the DBCP conf files? Is there any documentation about how we could avoid having the real passwords in these files? Thanks in advance! Alvim
RE: How can I create a digest password - digest.bat is the key!
Dear Paulo:

Thanks for your comments. What we want is to have minimum exposure to hacking. We found out that, in the context.xml, we can specify the users.xml file and the digest method. So now it is possible to have a different user and password for admin and manager, and in a separate location where hackers, hopefully, cannot get through.

Also on the net we found that we can generate the MD5 password using digest.bat, which is in the tomcat/bin directory. This worked perfectly!

Thanks again,
Regards,
Lorenzo Jimenez
RES: How can I create a digest password - digest.bat is the key!
Lorenzo,

Are you using the DBCP JDBC connection pooling (with those configuration files in conf/catalina/localhost)?

We'd like to know if your approach could be used to change the JDBC pool configuration files from:

    <ResourceParams name="jdbc/jcompanyadmseg">
      <parameter>
        <name>driverClassName</name>
        <value>oracle.jdbc.driver.OracleDriver</value>
      </parameter>
      <parameter>
        <name>url</name>
        <value>jdbc:oracle:thin:@x:1521:oraplcdb</value>
      </parameter>
      <parameter>
        <name>username</name>
        <value>demo3</value>
      </parameter>
      <parameter>
        <name>password</name>
        <value>mypass</value>
      </parameter>
      (...)
    </ResourceParams>

...to something like (pass encrypted):

    <ResourceParams name="jdbc/jcompanyadmseg">
      <parameter>
        <name>driverClassName</name>
        <value>oracle.jdbc.driver.OracleDriver</value>
      </parameter>
      <parameter>
        <name>url</name>
        <value>jdbc:oracle:thin:@x:1521:oraplcdb</value>
      </parameter>
      <parameter>
        <name>username</name>
        <value>demo3</value>
      </parameter>
      <parameter>
        <name>password</name>
        <value>%$#I(#)$</value>
      </parameter>
      (...)
    </ResourceParams>
RE: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body
Paulo:

> Are you using the DBCP JDBC connection pooling

Yes, but how can I tell Tomcat the password is encrypted? Using the realm?

Thanks again,
Lorenzo
Re: RES: How can I create a digest password - digest.bat is the key!
Paulo,

I am pretty sure this won't work. Tomcat can't calculate the real password (required by the database) from the hash. The key feature of a hash is its one-way nature. Also, if Tomcat could get the password from the hash, so could any attacker.

Mark
RES: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body
That's my question... Generating the encrypted pass is done like you did. But DBCP would need to have a flag in order to decrypt the pass... I don't know if the realm is related to this.
RES: RES: How can I create a digest password - digest.bat is the key!
Ok, thank you, I didn't think that it would be the only solution... but it would make things a little more difficult, and our customers don't like the idea of watching clean passwords because they don't do it to create Windows Services or Oracle users. We know that these software products have proprietary databases to store that pass, but I was wondering what could be done in the Tomcat Open-Source context... Do you think that the only approach would be to protect the folders/files (file system level security)? What are you guys doing?
Re: RES: How can I create a digest password - digest.bat is the key!
Deja vu.

In a properly configured system, if the attacker can read the server.xml or context element then he has OWNED your system and has free rein. If secured on Windows then only two groups should have access: admins and the webadmins. If either of those has been compromised you've got big issues.

What exactly do you mean by watch clean passwords?

Doug
Re: DIGEST authentication; Does it work??
So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says that MD5 is the default hash algorithm. I had previously seen that Tomcat wasn't sending any response headers explicitly specifying the hash algorithm, even though I had specified SHA in the <realm/> element in Server.xml. So I changed my digest algorithm for the realm to MD5, and DIGEST authentication is now working.

I'd like to make it work with SHA-1. I've looked all through the Tomcat documentation, and I can't find a configuration parameter to set the www-authenticate response header to indicate SHA-1 algorithm for the digest. I see the API that supports this in org.apache.catalina.authenticator.DigestAuthenticator ( setAuthenticateHeader() ), but I can't find a configuration parameter that will determine the value for algorithm passed to this method. Does anyone know how I can set this?

-Mark

Mark Leone wrote:

I found a silly classpath error that fixed the problem using RealmBase. I didn't realize that my system still had environment variable %catalina_home% pointing to an old tomcat 4.1.24 directory. So when I opened a command window to generate digest values I was executing RealmBase in tomcat 4.1.24.

But guess what. When I digest the same info with the same algorithm specifier (SHA) in Tomcat 4.1.24 and Tomcat 5.5.8 I get different digest values. And DIGEST authentication still doesn't work, in either case. Something very strange is going on here. :(

-Mark

Mark Leone wrote:

Okay, I was using 5.5.7. So I just downloaded the source and built 5.5.8, and things got worse. Digest authentication is not working for me. I believe I've set everything up correctly. Using an HTTP monitor I see a 401 response coming back from Tomcat with a www-authenticate header whose parameters specify digest authentication and identify the realm as JDBCRealm. And I have a digested password that I created by digesting {username}:JDBCRealm:{password} (including the colons- is that correct?), as directed in the how-to documentation. But when I enter that username and password, the authentication fails.

Now I used SHA-1 to digest the password, and my <realm/> element in Server.xml identifies SHA as the digest algorithm for digesting passwords. Does this mean that the DIGEST authentication will also be done using SHA-1? Or do I need to specify that somewhere? Am I missing something else?

I said it got worse with 5.5.8 because now I can't even get RealmBase to generate a digested password. I enter

java -cp %catalina_home%\server\lib\catalina.jar org.apache.catalina.realm.RealmBase -a SHA {username}:JDBCRealm:{password}

and I get:

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
  at org.apache.catalina.realm.RealmBase.<clinit>(RealmBase.java:69)

So it's finding RealmBase, but while executing that code it fails to find LogFactory. I don't see an org\apache\commons path in any of the class directories generated during the build. Do I have a defective build? Was I supposed to download something else?

-Mark

Mark Thomas wrote:

Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK:

Auth: BASIC, FORM, DIGEST
Realm: Memory, UserDatabase, JDBC, DataSource
Passwords: Cleartext, digested

There is a complication when using digested passwords with the digest realm. You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Mark

Mark Leone wrote:

I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about a workaround in Apache server to make DIGEST authentication work with IE, but I didn't see anything about Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to work with ANY browser?

I should mention that I'm also using digested passwords in a JDBC Realm (implemented with mySQL), and I followed the how-to instructions for creating digested passwords to work with DIGEST authentication. And authentication with JDBCRealm works fine when I use BASIC authentication.

For the record, I put the following in the Host element in Server.xml

<Context path="/MyApp" docBase="MyApp">
  <Valve className="org.apache.catalina.authenticator.DigestAuthenticator" disableProxyCaching="false" />
</Context>

I put the following in Server.xml's Engine element

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="com.mysql.jdbc.Driver" connectionURL="jdbc:mysql:///Tomcat_Realm" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>

And I put
RE: DIGEST authentication; Does it work??
The docs say this:

When a standard realm authenticates by retrieving the stored password and comparing it with the value presented by the user, you can select digested passwords by specifying the *digest* attribute on your <Realm> element. The value for this attribute must be one of the digest algorithms supported by the java.security.MessageDigest class (SHA, MD2, or MD5). When you select this option, the contents of the password that is stored in the Realm must be the cleartext version of the password, as digested by the specified algorithm.

I have starred the word digest. If you look at the source for the page you will notice the word digest is in code tags, and I think they are trying to indicate this is a key word you can use in the realm tag. Let us know if this works for you.

|)ave

-Original Message-
From: Mark Leone [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 23, 2005 1:53 AM
To: Tomcat Users List
Subject: Re: DIGEST authentication; Does it work??

So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says that MD5 is the default hash algorithm. I had previously seen that Tomcat wasn't sending any response headers explicitly specifying the hash algorithm, even though I had specified SHA in the <realm/> element in Server.xml. So I changed my digest algorithm for the realm to MD5, and DIGEST authentication is now working.

I'd like to make it work with SHA-1. I've looked all through the Tomcat documentation, and I can't find a configuration parameter to set the www-authenticate response header to indicate SHA-1 algorithm for the digest. I see the API that supports this in org.apache.catalina.authenticator.DigestAuthenticator ( setAuthenticateHeader() ), but I can't find a configuration parameter that will determine the value for algorithm passed to this method. Does anyone know how I can set this?

-Mark

Mark Leone wrote:

I found a silly classpath error that fixed the problem using RealmBase. I didn't realize that my system still had environment variable %catalina_home% pointing to an old tomcat 4.1.24 directory. So when I opened a command window to generate digest values I was executing RealmBase in tomcat 4.1.24.

But guess what. When I digest the same info with the same algorithm specifier (SHA) in Tomcat 4.1.24 and Tomcat 5.5.8 I get different digest values. And DIGEST authentication still doesn't work, in either case. Something very strange is going on here. :(

-Mark

Mark Leone wrote:

Okay, I was using 5.5.7. So I just downloaded the source and built 5.5.8, and things got worse. Digest authentication is not working for me. I believe I've set everything up correctly. Using an HTTP monitor I see a 401 response coming back from Tomcat with a www-authenticate header whose parameters specify digest authentication and identify the realm as JDBCRealm. And I have a digested password that I created by digesting {username}:JDBCRealm:{password} (including the colons- is that correct?), as directed in the how-to documentation. But when I enter that username and password, the authentication fails.

Now I used SHA-1 to digest the password, and my <realm/> element in Server.xml identifies SHA as the digest algorithm for digesting passwords. Does this mean that the DIGEST authentication will also be done using SHA-1? Or do I need to specify that somewhere? Am I missing something else?

I said it got worse with 5.5.8 because now I can't even get RealmBase to generate a digested password. I enter

java -cp %catalina_home%\server\lib\catalina.jar org.apache.catalina.realm.RealmBase -a SHA {username}:JDBCRealm:{password}

and I get:

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
  at org.apache.catalina.realm.RealmBase.<clinit>(RealmBase.java:69)

So it's finding RealmBase, but while executing that code it fails to find LogFactory. I don't see an org\apache\commons path in any of the class directories generated during the build. Do I have a defective build? Was I supposed to download something else?

-Mark

Mark Thomas wrote:

Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK:

Auth: BASIC, FORM, DIGEST
Realm: Memory, UserDatabase, JDBC, DataSource
Passwords: Cleartext, digested

There is a complication when using digested passwords with the digest realm. You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Mark

Mark Leone wrote:

I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about
Re: DIGEST authentication; Does it work??
Dave, thanks very much for your help. Unfortunately, the passage you quoted is referring to how the password is digested when it is stored in the realm. This is working fine for me, and I've been able to configure it to use SHA-1 or MD-5 algorithms by setting the digest attribute in the <realm/> element to either SHA or MD5, which are the appropriate keywords to identify those algorithms.

What I described above works fine when I select BASIC authentication by putting the following in my web.xml

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JDBCRealm</realm-name>
</login-config>

However, I change BASIC above to DIGEST to induce the server to tell the client that DIGEST authentication is required, meaning that instead of sending the username and password as a Base64 encoded text string, which anyone can decode and thereby compromise the user's credentials, it will send a hash of the username and password, with a random value and a sequence counter generated by the server also included as an input to the hash function. This of course is a much more secure way to send login credentials.

According to the spec that governs DIGEST access authentication (rfc2617), if the server does not explicitly specify a hash algorithm in the www-authenticate header of the HTTP response message (status 401- unauthorized), it defaults to MD5. So after much thrashing around, I discovered that I could only get DIGEST authentication to work by specifying MD-5 in the <realm/> digest attribute, and then letting the client default to using MD5 for the DIGEST authentication algorithm, since Tomcat is not specifying the algorithm in the HTTP header (which I verified with an HTTP monitor tool).

What I would LIKE to do is use SHA-1, since it's a more secure algorithm (and because I have engineer's disease, and I have to figure out how to do something even if there's an almost-as-good alternative). I know I can set the <realm/> digest attribute to SHA-1, but I don't know how I can tell Tomcat to require SHA-1 algorithm in the www-authenticate response header. I found a method that does this

org.apache.catalina.authenticator.DigestAuthenticator.setAuthenticateHeader()

But I'd like to do it with a configuration parameter. I've looked through all the Tomcat docs, and I see nothing that appears to do this. I opened the Servlet spec and looked at the XSD for the web.xml document, and there appears to be nothing there that can set the DIGEST algorithm. Perhaps it can be set in the server.xml file. I'm going to look for that XSD next, but if anyone knows off-hand what the parameter is, please enlighten me.

If there's not a configuration parameter, could someone tell me how to do this programmatically? I'm fairly new to Tomcat, and I think I can figure out how to get access to the aforementioned setAuthenticateHeader() method in the servlet context, but I don't know how to make the container do that for the duration of a browser session, as opposed to setting the www-authenticate header every time my JSP or servlet is called.

-Mark

David Owens wrote:

The docs say this:

When a standard realm authenticates by retrieving the stored password and comparing it with the value presented by the user, you can select digested passwords by specifying the *digest* attribute on your <Realm> element. The value for this attribute must be one of the digest algorithms supported by the java.security.MessageDigest class (SHA, MD2, or MD5). When you select this option, the contents of the password that is stored in the Realm must be the cleartext version of the password, as digested by the specified algorithm.

I have starred the word digest. If you look at the source for the page you will notice the word digest is in code tags, and I think they are trying to indicate this is a key word you can use in the realm tag. Let us know if this works for you.

|)ave

-Original Message-
From: Mark Leone [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 23, 2005 1:53 AM
To: Tomcat Users List
Subject: Re: DIGEST authentication; Does it work??

So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says that MD5 is the default hash algorithm. I had previously seen that Tomcat wasn't sending any response headers explicitly specifying the hash algorithm, even though I had specified SHA in the <realm/> element in Server.xml. So I changed my digest algorithm for the realm to MD5, and DIGEST authentication is now working.

I'd like to make it work with SHA-1. I've looked all through the Tomcat documentation, and I can't find a configuration parameter to set the www-authenticate response header to indicate SHA-1 algorithm for the digest. I see the API that supports this in org.apache.catalina.authenticator.DigestAuthenticator ( setAuthenticateHeader() ), but I can't find a configuration parameter that will determine the value for algorithm passed to this method. Does anyone know how I
Re: DIGEST authentication; Does it work??
When all else fails, look at the source code (Dave, thanks for the suggestion). There is no support for SHA-1 in Tomcat's implementation of DigestAuthenticator. It should be easy enough to implement, provided the core JDK supports the creation of an instance of java.security.MessageDigest that is implemented with SHA-1. I'll give this a try tomorrow- no midnight java tonight.

-Mark

Mark Leone wrote:

Dave, thanks very much for your help. Unfortunately, the passage you quoted is referring to how the password is digested when it is stored in the realm. This is working fine for me, and I've been able to configure it to use SHA-1 or MD-5 algorithms by setting the digest attribute in the <realm/> element to either SHA or MD5, which are the appropriate keywords to identify those algorithms.

What I described above works fine when I select BASIC authentication by putting the following in my web.xml

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JDBCRealm</realm-name>
</login-config>

However, I change BASIC above to DIGEST to induce the server to tell the client that DIGEST authentication is required, meaning that instead of sending the username and password as a Base64 encoded text string, which anyone can decode and thereby compromise the user's credentials, it will send a hash of the username and password, with a random value and a sequence counter generated by the server also included as an input to the hash function. This of course is a much more secure way to send login credentials.

According to the spec that governs DIGEST access authentication (rfc2617), if the server does not explicitly specify a hash algorithm in the www-authenticate header of the HTTP response message (status 401- unauthorized), it defaults to MD5. So after much thrashing around, I discovered that I could only get DIGEST authentication to work by specifying MD-5 in the <realm/> digest attribute, and then letting the client default to using MD5 for the DIGEST authentication algorithm, since Tomcat is not specifying the algorithm in the HTTP header (which I verified with an HTTP monitor tool).

What I would LIKE to do is use SHA-1, since it's a more secure algorithm (and because I have engineer's disease, and I have to figure out how to do something even if there's an almost-as-good alternative). I know I can set the <realm/> digest attribute to SHA-1, but I don't know how I can tell Tomcat to require SHA-1 algorithm in the www-authenticate response header. I found a method that does this

org.apache.catalina.authenticator.DigestAuthenticator.setAuthenticateHeader()

But I'd like to do it with a configuration parameter. I've looked through all the Tomcat docs, and I see nothing that appears to do this. I opened the Servlet spec and looked at the XSD for the web.xml document, and there appears to be nothing there that can set the DIGEST algorithm. Perhaps it can be set in the server.xml file. I'm going to look for that XSD next, but if anyone knows off-hand what the parameter is, please enlighten me.

If there's not a configuration parameter, could someone tell me how to do this programmatically? I'm fairly new to Tomcat, and I think I can figure out how to get access to the aforementioned setAuthenticateHeader() method in the servlet context, but I don't know how to make the container do that for the duration of a browser session, as opposed to setting the www-authenticate header every time my JSP or servlet is called.

-Mark

David Owens wrote:

The docs say this:

When a standard realm authenticates by retrieving the stored password and comparing it with the value presented by the user, you can select digested passwords by specifying the *digest* attribute on your <Realm> element. The value for this attribute must be one of the digest algorithms supported by the java.security.MessageDigest class (SHA, MD2, or MD5). When you select this option, the contents of the password that is stored in the Realm must be the cleartext version of the password, as digested by the specified algorithm.

I have starred the word digest. If you look at the source for the page you will notice the word digest is in code tags, and I think they are trying to indicate this is a key word you can use in the realm tag. Let us know if this works for you.

|)ave

-Original Message-
From: Mark Leone [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 23, 2005 1:53 AM
To: Tomcat Users List
Subject: Re: DIGEST authentication; Does it work??

So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says that MD5 is the default hash algorithm. I had previously seen that Tomcat wasn't sending any response headers explicitly specifying the hash algorithm, even though I had specified SHA in the <realm/> element in Server.xml. So I changed my digest algorithm for the realm to MD5, and DIGEST authentication is now working.

I'd like to make it work with SHA-1. I've looked all through
Re: DIGEST authentication; Does it work??
Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK:

Auth: BASIC, FORM, DIGEST
Realm: Memory, UserDatabase, JDBC, DataSource
Passwords: Cleartext, digested

There is a complication when using digested passwords with the digest realm. You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Mark

Mark Leone wrote:

I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about a workaround in Apache server to make DIGEST authentication work with IE, but I didn't see anything about Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to work with ANY browser?

I should mention that I'm also using digested passwords in a JDBC Realm (implemented with mySQL), and I followed the how-to instructions for creating digested passwords to work with DIGEST authentication. And authentication with JDBCRealm works fine when I use BASIC authentication.

For the record, I put the following in the Host element in Server.xml

<Context path="/MyApp" docBase="MyApp">
  <Valve className="org.apache.catalina.authenticator.DigestAuthenticator" disableProxyCaching="false" />
</Context>

I put the following in Server.xml's Engine element

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="com.mysql.jdbc.Driver" connectionURL="jdbc:mysql:///Tomcat_Realm" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>

And I put the following in my app's web.xml

<security-constraint.../> (elided)
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>JDBCRealm</realm-name>
</login-config>
<security-role.../> (elided)

And when I created the digested password to store in my JDBCRealm database, I digested: (username) : JDBCRealm : (password). As you can see, I specified SHA as the digest algorithm in Server.xml's realm element, and I used SHA to create the digested password that I stored in the database. I assume that the server will prompt the browser to use SHA also when it sends the challenge header requesting DIGEST authentication?
Re: DIGEST authentication; Does it work??
Okay, I was using 5.5.7. So I just downloaded the source and built 5.5.8, and things got worse. Digest authentication is not working for me. I believe I've set everything up correctly. Using an HTTP monitor I see a 401 response coming back from Tomcat with a www-authenticate header whose parameters specify digest authentication and identify the realm as JDBCRealm. And I have a digested password that I created by digesting {username}:JDBCRealm:{password} (including the colons- is that correct?), as directed in the how-to documentation. But when I enter that username and password, the authentication fails.

Now I used SHA-1 to digest the password, and my <realm/> element in Server.xml identifies SHA as the digest algorithm for digesting passwords. Does this mean that the DIGEST authentication will also be done using SHA-1? Or do I need to specify that somewhere? Am I missing something else?

I said it got worse with 5.5.8 because now I can't even get RealmBase to generate a digested password. I enter

java -cp %catalina_home%\server\lib\catalina.jar org.apache.catalina.realm.RealmBase -a SHA {username}:JDBCRealm:{password}

and I get:

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
  at org.apache.catalina.realm.RealmBase.<clinit>(RealmBase.java:69)

So it's finding RealmBase, but while executing that code it fails to find LogFactory. I don't see an org\apache\commons path in any of the class directories generated during the build. Do I have a defective build? Was I supposed to download something else?

-Mark

Mark Thomas wrote:

Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK:

Auth: BASIC, FORM, DIGEST
Realm: Memory, UserDatabase, JDBC, DataSource
Passwords: Cleartext, digested

There is a complication when using digested passwords with the digest realm. You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Mark

Mark Leone wrote:

I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about a workaround in Apache server to make DIGEST authentication work with IE, but I didn't see anything about Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to work with ANY browser?

I should mention that I'm also using digested passwords in a JDBC Realm (implemented with mySQL), and I followed the how-to instructions for creating digested passwords to work with DIGEST authentication. And authentication with JDBCRealm works fine when I use BASIC authentication.

For the record, I put the following in the Host element in Server.xml

<Context path="/MyApp" docBase="MyApp">
  <Valve className="org.apache.catalina.authenticator.DigestAuthenticator" disableProxyCaching="false" />
</Context>

I put the following in Server.xml's Engine element

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="com.mysql.jdbc.Driver" connectionURL="jdbc:mysql:///Tomcat_Realm" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>

And I put the following in my app's web.xml

<security-constraint.../> (elided)
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>JDBCRealm</realm-name>
</login-config>
<security-role.../> (elided)

And when I created the digested password to store in my JDBCRealm database, I digested: (username) : JDBCRealm : (password). As you can see, I specified SHA as the digest algorithm in Server.xml's realm element, and I used SHA to create the digested password that I stored in the database. I assume that the server will prompt the browser to use SHA also when it sends the challenge header requesting DIGEST authentication?
Re: DIGEST authentication; Does it work??
I found a silly classpath error that fixed the problem using RealmBase. I didn't realize that my system still had environment variable %catalina_home% pointing to an old tomcat 4.1.24 directory. So when I opened a command window to generate digest values I was executing RealmBase in tomcat 4.1.24.

But guess what. When I digest the same info with the same algorithm specifier (SHA) in Tomcat 4.1.24 and Tomcat 5.5.8 I get different digest values. And DIGEST authentication still doesn't work, in either case. Something very strange is going on here. :(

-Mark

Mark Leone wrote:

Okay, I was using 5.5.7. So I just downloaded the source and built 5.5.8, and things got worse.

Digest authentication is not working for me. I believe I've set everything up correctly. Using an HTTP monitor I see a 401 response coming back from Tomcat with a www-authenticate header whose parameters specify digest authentication and identify the realm as JDBCRealm. And I have a digested password that I created by digesting {username}:JDBCRealm:{password} (including the colons - is that correct?), as directed in the how-to documentation. But when I enter that username and password, the authentication fails.

Now I used SHA-1 to digest the password, and my <Realm/> element in Server.xml identifies SHA as the digest algorithm for digesting passwords. Does this mean that the DIGEST authentication will also be done using SHA-1? Or do I need to specify that somewhere? Am I missing something else?

I said it got worse with 5.5.8 because now I can't even get RealmBase to generate a digested password. I enter

    java -cp %catalina_home%\server\lib\catalina.jar org.apache.catalina.realm.RealmBase -a SHA {username}:JDBCRealm:{password}

and I get:

    Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
            at org.apache.catalina.realm.RealmBase.<clinit>(RealmBase.java:69)

So it's finding RealmBase, but while executing that code it fails to find LogFactory. I don't see an org\apache\commons path in any of the class directories generated during the build. Do I have a defective build? Was I supposed to download something else?

-Mark

Mark Thomas wrote:

Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK:

Auth: BASIC, FORM, DIGEST
Realm: Memory, UserDatabase, JDBC, DataSource
Passwords: Cleartext, digested

There is a complication when using digested passwords with the digest realm. You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Mark

Mark Leone wrote:

I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about a workaround in Apache server to make DIGEST authentication work with IE, but I didn't see anything about Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to work with ANY browser?

I should mention that I'm also using digested passwords in a JDBC Realm (implemented with mySQL), and I followed the how-to instructions for creating digested passwords to work with DIGEST authentication. And authentication with JDBCRealm works fine when I use BASIC authentication.

For the record, I put the following in the Host element in Server.xml

    <Context path="/MyApp" docBase="MyApp">
      <Valve className="org.apache.catalina.authenticator.DigestAuthenticator"
             disableProxyCaching="false" />
    </Context>

I put the following in Server.xml's Engine element

    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
           driverName="com.mysql.jdbc.Driver"
           connectionURL="jdbc:mysql:///Tomcat_Realm"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>

And I put the following in my app's web.xml

    <security-constraint.../> (elided)
    <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>JDBCRealm</realm-name>
    </login-config>
    <security-role.../> (elided)

And when I created the digested password to store in my JDBCRealm database, I digested: (username) : JDBCRealm : (password).

As you can see, I specified SHA as the digest algorithm in Server.xml's realm element, and I used SHA to create the digested password that I stored in the database. I assume that the server will prompt the browser to use SHA also when it sends the challenge header requesting DIGEST authentication?
RE : tomcat-user Digest 20 Mar 2005 16:09:13 -0000 Issue 5487
In fact, what I really want is to prevent any other IIS or Apache from connecting to my 8009 connector port, for my IIS machine is used for authentication. I don't want anyone to be able to bypass this.

I tried to use a Request Filter valve by adding this in my server.xml:

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="ip_address_of_my_iis_server"/>

But it doesn't work. Even if my clients don't connect directly to my Tomcat server (only my IIS server does, and I can verify this by using the netstat command), they are blocked by this valve. It seems that my IIS tells Tomcat that its IP address is my client's one. Maybe that's why my clients' IP addresses are logged in Tomcat when this valve is disabled.

So now this valve is not enabled anymore, and if someone installs a web connector pointing to my Tomcat server, it will have access to my webapps...

Any help will be appreciated.

Fred

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 20, 2005 17:09
To: tomcat-user@jakarta.apache.org
Subject: tomcat-user Digest 20 Mar 2005 16:09:13 -0000 Issue 5487
Re: RE : tomcat-user Digest 20 Mar 2005 16:09:13 -0000 Issue 5487
Isn't a firewall what you really want/need, i.e. to disallow connections to port 8009 except when they come from your IIS server?

VAN DER MARLIERE FREDERIC wrote:

In fact, what I really want is to prevent any other IIS or Apache from connecting to my 8009 connector port, for my IIS machine is used for authentication. I don't want anyone to be able to bypass this.

I tried to use a Request Filter valve by adding this in my server.xml:

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="ip_address_of_my_iis_server"/>

But it doesn't work. Even if my clients don't connect directly to my Tomcat server (only my IIS server does, and I can verify this by using the netstat command), they are blocked by this valve. It seems that my IIS tells Tomcat that its IP address is my client's one. Maybe that's why my clients' IP addresses are logged in Tomcat when this valve is disabled.

So now this valve is not enabled anymore, and if someone installs a web connector pointing to my Tomcat server, it will have access to my webapps...

Any help will be appreciated.

Fred

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 20, 2005 17:09
To: tomcat-user@jakarta.apache.org
Subject: tomcat-user Digest 20 Mar 2005 16:09:13 -0000 Issue 5487
DIGEST authentication; Does it work??
I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about a workaround in Apache server to make DIGEST authentication work with IE, but I didn't see anything about Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to work with ANY browser?

I should mention that I'm also using digested passwords in a JDBC Realm (implemented with mySQL), and I followed the how-to instructions for creating digested passwords to work with DIGEST authentication. And authentication with JDBCRealm works fine when I use BASIC authentication.

For the record, I put the following in the Host element in Server.xml

    <Context path="/MyApp" docBase="MyApp">
      <Valve className="org.apache.catalina.authenticator.DigestAuthenticator"
             disableProxyCaching="false" />
    </Context>

I put the following in Server.xml's Engine element

    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
           driverName="com.mysql.jdbc.Driver"
           connectionURL="jdbc:mysql:///Tomcat_Realm"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>

And I put the following in my app's web.xml

    <security-constraint.../> (elided)
    <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>JDBCRealm</realm-name>
    </login-config>
    <security-role.../> (elided)

And when I created the digested password to store in my JDBCRealm database, I digested: (username) : JDBCRealm : (password).

As you can see, I specified SHA as the digest algorithm in Server.xml's realm element, and I used SHA to create the digested password that I stored in the database. I assume that the server will prompt the browser to use SHA also when it sends the challenge header requesting DIGEST authentication?
Re: tomcat-user Digest 15 Feb 2005 20:05:19 -0000 Issue 5406
You have specified an https connector in server.xml hence you will always be prompted to accept the server certificate. Most browsers offer the option to add the certificate to the list of trusted certificates. Unless the certificate is invalid, this usually stops further prompts to accept the certificate.

Mark

Xeth Waxman wrote:

Mark:

Here is my server.xml file. I do have one application that I need the secure connection for, so I can't comment out the AJP running on 8009.

    <?xml version='1.0' encoding='utf-8'?>
    <Server>
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
      <GlobalNamingResources>
        <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
        <Resource auth="Container" description="User database that can be updated and saved"
                  name="UserDatabase" type="org.apache.catalina.UserDatabase"/>
        <Resource name="jdbc/bestDB" type="javax.sql.DataSource"/>
        <ResourceParams name="UserDatabase">
          <parameter><name>factory</name><value>org.apache.catalina.users.MemoryUserDatabaseFactory</value></parameter>
          <parameter><name>pathname</name><value>conf/tomcat-users.xml</value></parameter>
        </ResourceParams>
        <ResourceParams name="jdbc/bestDB">
          <parameter><name>validationQuery</name><value>select * from invoiceitem</value></parameter>
          <parameter><name>maxWait</name><value>5000</value></parameter>
          <parameter><name>maxActive</name><value>50</value></parameter>
          <parameter><name>password</name><value>board97</value></parameter>
          <parameter><name>url</name><value>jdbc:jtds:sqlserver://192.168.12.9/best_app</value></parameter>
          <parameter><name>driverClassName</name><value>net.sourceforge.jtds.jdbcx.TdsDataSource</value></parameter>
          <parameter><name>maxIdle</name><value>2</value></parameter>
          <parameter><name>username</name><value>admin</value></parameter>
        </ResourceParams>
      </GlobalNamingResources>
      <Service name="Catalina">
        <Connector acceptCount="100" connectionTimeout="2" disableUploadTimeout="true"
                   port="8080" redirectPort="8081">
        </Connector>
        <Connector port="8009" protocol="AJP/1.3"
                   protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"
                   redirectPort="8081">
        </Connector>
        <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="8081"
                   minProcessors="5" maxProcessors="75" enableLookups="true"
                   disableUploadTimeout="true" acceptCount="100" debug="0"
                   scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
                   keystoreFile="C:\Certs\.keystore">
        </Connector>
        <Engine defaultHost="localhost" name="Catalina">
          <Host appBase="webapps" name="localhost">
            <DefaultContext className="org.apache.catalina.core.StandardDefaultContext" reloadable="true">
            </DefaultContext>
            <Logger className="org.apache.catalina.logger.FileLogger"
                    prefix="localhost_log." suffix=".txt" timestamp="true"/>
          </Host>
          <Logger className="org.apache.catalina.logger.FileLogger"
                  prefix="catalina_log." suffix=".txt" timestamp="true"/>
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
        </Engine>
      </Service>
    </Server>

I'm almost positive the issue is with my server.xml file, I just don't know what it is. Your help and time is definitely valued!

--Xeth

---------- Forwarded message ----------
From: Mark Thomas [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 15 Feb 2005 19:38:40 +
Subject: Re: Security Constraint

Could be a server.xml problem. Can you post the connector parts of your server.xml?

Mark

Xeth Waxman wrote:

I have a new servlet which I've created - whenever you try to access this servlet, I get the security certificate dialog box (do you want to accept this certificate). However, this application has no security constraint in its web.xml file - I don't know why it's trying to serve up a certificate. In addition, you have to click 'yes' on the security dialog three times, as if it's trying to serve the certificate three times in a row. And, in the end, it doesn't take the user to a secure connection - it just takes them to the http: connection I wanted to get to in the first place.

I'm using Tomcat 5.5 - here's a copy of my very simple web.xml - if anyone has any ideas, I'd appreciate it. I don't want to make this a secure site and take on the added overhead just because I can't stop the stupid certificate from popping up.

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
      <servlet>
        <servlet-name>ACHLogin</servlet-name>
        <servlet-class>com.gcc.achpayments.ACHLogin</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>AddACHPayment</servlet-name>
        <servlet-class>com.gcc.achpayments.AddACHPayment</servlet-class>
Does DIGEST work in Tomcat 4.1.24?
Looking at RealmBase, it doesn't seem as if DIGEST authentication can ever work:

    public Principal authenticate(String username, String clientDigest,
                                  String nOnce, String nc, String cnonce,
                                  String qop, String realm, String md5a2) {
        String md5a1 = getDigest(username, realm);
        if (md5a1 == null)
            return null;
        // <snip>
    }

I have read that DIGEST does not work in conjunction with digesting of passwords in the database (although I have seen the DigestableMemoryRealm example that was posted to this group). In the above code, the getDigest(...) method will always return null unless the user has set the digest="md5" attribute in the Realm configuration in server.xml. In this case, this authenticate method will always return null unless md5 is in fact requested. In previous postings I've already seen where these cannot be combined.

Am I interpreting this method call correctly? I took a look at the latest code online for this class ( http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=1.41&view=auto ) and it doesn't appear to have changed - am I missing something? Shouldn't this method handle the case when md5a1 returns null but not handle the case when it returns md5?

Confused!

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 12:02 PM
To: Tomcat Users List
Subject: RE: org.apache.catalina.Realm

Hi,

Or follow any of the links that say CVS Repositories on the apache.org pages, which will take you here: http://cvs.apache.org/viewcvs.cgi/. Then go to jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm.

Yoav Shapira
http://www.yoavshapira.com

-----Original Message-----
From: Larry Meadors [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 11:56 AM
To: [EMAIL PROTECTED]
Subject: RE: org.apache.catalina.Realm

Download the source distribution?

[EMAIL PROTECTED] 10/15/04 9:51 AM

Is there somewhere I can find the implementation of the JDBCRealm class? Looking at the Realm how-to I don't get a lot of information about sequence of calls, what methods are overridable, etc. Can anyone point me to the implementation of this class?

-----Original Message-----
From: Larry Meadors [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 11:30 AM
To: [EMAIL PROTECTED]
Subject: Re: org.apache.catalina.Realm

IIRC, it is in $CATALINA_HOME/server/lib/catalina.jar, and that is where you would put your implementation, too (if it is in a jar...if it is a class, put it in $CATALINA_HOME/server/classes).

Larry

[EMAIL PROTECTED] 10/15/04 9:21 AM

Can someone help me get started building my own custom realm? I can't seem to locate which jar file this class is in. Also, once I create the Realm in, say for example, package my.realm.package, where do I place the class files so that the custom realm can be accessed from Tomcat?

Thanks!
Re: DataSourceRealm + DIGEST authentication
Hi all,

Has anyone created a DataSourceRealm that works with DIGEST authentication? I'm planning to make one, but only if I'm not reinventing the wheel.

If anyone's interested, here's what I have so far:
http://sylow.no-ip.com/pub/apache/jakarta/tomcat/DigestableDataSourceRealm.java

Any comments welcome.

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
DataSourceRealm + DIGEST authentication
Hi all,

Has anyone created a DataSourceRealm that works with DIGEST authentication? I'm planning to make one, but only if I'm not reinventing the wheel.

A relative bugzilla issue:
http://issues.apache.org/bugzilla/show_bug.cgi?id=19767

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the same time.
Hi,

Thank you for posting this fine explanation and solution so that others may learn. It always makes my day when people figure out good solutions! Now if the Red Sox win, this will truly be a great day! ;) But a good weekend to all, regardless...

Yoav Shapira
Millennium Research Informatics

-----Original Message-----
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: Friday, October 08, 2004 1:14 AM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the same time.

Hi Phillip,

Thanks for the information.

- Not all browsers supported DIGEST authentication, so you can't guarantee that all clients will be able to authenticate... Internet Explorer and Konqueror are two browsers that do support DIGEST authentication. Mozilla 1.0 claims to recognize the DIGEST request (0.9 doesn't even recognize this), but can't authenticate.

This is cleared, since we are using IE 6.

- DIGEST authentication doesn't work if the passwords are digested on the Tomcat side (so that they can't be read as cleartext) because of the way that DIGEST mechanism calculates its digest. First of all the browser calculates a digest of the username, the password, the URL, the HTTP method, and a random string sent to it by the server. Likewise, the server creates a digest to verify that the details entered by the user are correct. However, as the password is already digested on the server, and thus completely different from the cleartext version entered into the browser, the two digests will be different, and authentication will fail...

So here's my problem. I looked further into this, and found a solution, which I would like to share.

First, if you take a look at the DIGEST authentication spec at
http://www.faqs.org/rfcs/rfc2617.html
You will see in section 3.2.2.2 A1, that for MD5, the hashed result depends on username, realm and password. Which means, if I couple the usernames with the realm, it is possible to hash the passwords stored in the server.

Next, I found where the A1 is being calculated in Tomcat:
RealmBase#getDigest(String username, String realmName)
If I override this method to return the hashed password, the digested password and DIGEST authentication should work together.

In order to test my theory, I have created a Realm that does the above, extending MemoryRealm:
http://sylow.no-ip.com/pub/apache/jakarta/tomcat/DigestableMemoryRealm.java

I set it in my Context using:

    <Context path="/shinobu" docBase="shinobu" workDir="work\Catalina\localhost\shinobu">
      <Realm className="org.ieee.shinobu.demo.tomcat.DigestableMemoryRealm"
             digest="MD5" pathname="conf/shinobu-users.xml" />
    </Context>

Inside my shinobu-users.xml:

    <tomcat-users>
      <role rolename="shinobu.admin"/>
      <user username="md5a1_admin" password="57348f05c8378963c2d52ec456f6b6fd" roles="shinobu.admin"/>
    </tomcat-users>

The password is md5a1_admin:Shinobu's domain:shinobu_admin digested with MD5.

I set authentication to DIGEST in my web.xml:

    <web-app>
      <security-constraint>
        <web-resource-collection>
          <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>shinobu.admin</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>Shinobu's domain</realm-name>
      </login-config>
      <security-role>
        <role-name>shinobu.admin</role-name>
      </security-role>
    </web-app>

I access http://localhost:8080/shinobu/admin/ and voilà! It works!

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
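The combinations tested in this thread can be reproduced with a small model of RFC 2617 digest verification. This is an added example, not code from the thread or from Tomcat: the user, realm and password are the ones quoted in the post above, the nonce and cnonce are constructed, and treating a non-A1 stored value as if it were the password is an assumed model of a server that has nothing else to feed into A1.

```python
"""RFC 2617 Digest (qop=auth, algorithm MD5) checked against stored credentials."""
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    # RFC 2617 section 3.2.2.2: A1 = username ":" realm ":" password
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # Section 3.2.2.3: A2 = method ":" uri, then the request-digest of 3.2.2.1.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_response(username, realm, typed_password, **req):
    # The browser only knows what the user typed.
    return digest_response(ha1(username, realm, typed_password), **req)


def server_accepts(username, realm, stored, stored_is_ha1, response, **req):
    """Verify a response against whatever the realm keeps for this user.

    stored_is_ha1=True : stored value is used directly as H(A1).
    stored_is_ha1=False: stored value is fed into A1 as if it were the
                         password (assumed model, see lead-in).
    """
    expected_ha1 = stored if stored_is_ha1 else ha1(username, realm, stored)
    expected = digest_response(expected_ha1, **req)
    return hmac.compare_digest(expected, response)


# Values quoted in the post above; nonce and cnonce are constructed.
USER, REALM, PASSWORD = "md5a1_admin", "Shinobu's domain", "shinobu_admin"
REQ = dict(method="GET", uri="/shinobu/admin/",
           nonce="constructed-nonce-0001", nc="00000001",
           cnonce="constructed-cnonce")


def run_matrix():
    """Return {storage scheme: does DIGEST login succeed?}."""
    honest = client_response(USER, REALM, PASSWORD, **REQ)
    a1_text = f"{USER}:{REALM}:{PASSWORD}"
    stores = {
        "cleartext": (PASSWORD, False),
        "md5(password)": (md5_hex(PASSWORD), False),
        # Right input, wrong algorithm: the browser still computes MD5.
        "sha1(user:realm:password)":
            (hashlib.sha1(a1_text.encode("utf-8")).hexdigest(), True),
        "md5(user:realm:password)": (ha1(USER, REALM, PASSWORD), True),
    }
    results = {
        name: server_accepts(USER, REALM, stored, is_ha1, honest, **REQ)
        for name, (stored, is_ha1) in stores.items()
    }
    # "If I enter the digested password, it passes": the stored hash has
    # become the effective password.
    stored_hash = md5_hex(PASSWORD)
    typed_hash = client_response(USER, REALM, stored_hash, **REQ)
    results["md5(password), stored hash typed as password"] = server_accepts(
        USER, REALM, stored_hash, False, typed_hash, **REQ)
    return results


if __name__ == "__main__":
    for scheme, ok in run_matrix().items():
        print(f"{scheme:48s} {'accepted' if ok else 'rejected'}")
```

A stored MD5(username:realm:password) value is enough on its own to compute valid responses for that realm, so the credential column needs the same protection as a cleartext password.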
Using Digested Passwords and DIGEST Authentication at the same time.
Hi all,

I'm looking for a way to use Digested Passwords as in
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
and DIGEST Authentication at the same time.

I have found relative questions/threads in the list:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg97135.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg90244.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg88409.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg79660.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg79525.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg72288.html
But none of them has a solution.

Any ideas before I start hacking Tomcat?

TYI

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the same time.
Have you tried it based on the howto?

-----Original Message-----
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: Using Digested Passwords and DIGEST Authentication at the same time.

Hi all,

I'm looking for a way to use Digested Passwords as in
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
and DIGEST Authentication at the same time.

I have found relative questions/threads in the list:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg97135.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg90244.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg88409.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg79660.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg79525.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg72288.html
But none of them has a solution.

Any ideas before I start hacking Tomcat?

TYI

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
Re: Using Digested Passwords and DIGEST Authentication at the same time.
Hi Phillip,

Have you tried it based on the howto?

Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm)

clear text + BASIC - works!
clear text + DIGEST - works!
MD5 digest + BASIC - works!
SHA digest + BASIC - works!
MD5 digest + DIGEST - doesn't work!
SHA digest + DIGEST - doesn't work!

Strangely, if I enter the digested password, it passes.

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the same time.
I don't think MD5+DIGEST will work.

Take a look at any subclass of RealmBase. Realm has nothing to do with web.xml attribute login-config. In the authenticate method, Realm checks hasMessageDigest() - value of Realm digest=. If hasMessageDigest, in your case =MD5, Realm digests the password and compares it with the value stored in database.

-----Original Message-----
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:51 PM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the same time.

Hi Phillip,

Have you tried it based on the howto?

Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm)

clear text + BASIC - works!
clear text + DIGEST - works!
MD5 digest + BASIC - works!
SHA digest + BASIC - works!
MD5 digest + DIGEST - doesn't work!
SHA digest + DIGEST - doesn't work!

Strangely, if I enter the digested password, it passes.

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the same time.
It's interesting you know. I read a book called Professional Apache Tomcat published by Wrox. In Chapter 16 Tomcat Security, the author says

- Not all browsers supported DIGEST authentication, so you can't guarantee that all clients will be able to authenticate... Internet Explorer and Konqueror are two browsers that do support DIGEST authentication. Mozilla 1.0 claims to recognize the DIGEST request (0.9 doesn't even recognize this), but can't authenticate.

- DIGEST authentication doesn't work if the passwords are digested on the Tomcat side (so that they can't be read as cleartext) because of the way that DIGEST mechanism calculates its digest. First of all the browser calculates a digest of the username, the password, the URL, the HTTP method, and a random string sent to it by the server. Likewise, the server creates a digest to verify that the details entered by the user are correct. However, as the password is already digested on the server, and thus completely different from the cleartext version entered into the browser, the two digests will be different, and authentication will fail...

-----Original Message-----
From: Phillip Qin [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 1:17 PM
To: 'Tomcat Users List'
Subject: RE: Using Digested Passwords and DIGEST Authentication at the same time.

I don't think MD5+DIGEST will work.

Take a look at any subclass of RealmBase. Realm has nothing to do with web.xml attribute login-config. In the authenticate method, Realm checks hasMessageDigest() - value of Realm digest=. If hasMessageDigest, in your case =MD5, Realm digests the password and compares it with the value stored in database.

-----Original Message-----
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:51 PM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the same time.

Hi Phillip,

Have you tried it based on the howto?

Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm)

clear text + BASIC - works!
clear text + DIGEST - works!
MD5 digest + BASIC - works!
SHA digest + BASIC - works!
MD5 digest + DIGEST - doesn't work!
SHA digest + DIGEST - doesn't work!

Strangely, if I enter the digested password, it passes.

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the same time.
As I am new to Tomcat I will ask you to excuse my ignorance. I have just realized (and I am asking those with the necessary experience to verify this) that when you talk about DIGEST authentication there are really two separate and distinct forms of it:

1. Indicate to the BROWSER to digest the password before it is passed over the network. Tomcat would then extract the PLAIN TEXT password from the database, digest it using the same algorithm and compare it to the digested value that was just received from the browser.

2. Indicate to the REALM that passwords in the database are stored as hash values of the user password. Tomcat will receive the password from the browser in PLAIN TEXT - the realm will hash it and compare it to the retrieved hashed password from the database.

As mentioned below, combining these two mechanisms won't work. This happens to be fine for me - we use SSL for all data transfer but we were storing passwords in plain text in the database. We'd like to store hashed values. It is now my understanding that I can continue to use BASIC authentication but simply configure the realm to expect hashed passwords in the database.

That really clarifies a lot (assuming I haven't bungled it). I kept finding opposing views concerning digestion of passwords and I couldn't find any absolutes about it. What a relief to finally get some insight!

Any clarification or correction of this information would be greatly appreciated before I commit it to memory.

Thanks!!!

-----Original Message-----
From: Phillip Qin [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 1:17 PM
To: 'Tomcat Users List'
Subject: RE: Using Digested Passwords and DIGEST Authentication at the same time.

I don't think MD5+DIGEST will work.

Take a look at any subclass of RealmBase. Realm has nothing to do with web.xml attribute login-config. In the authenticate method, Realm checks hasMessageDigest() - value of Realm digest=. If hasMessageDigest, in your case =MD5, Realm digests the password and compares it with the value stored in database.

-----Original Message-----
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:51 PM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the same time.

Hi Phillip,

Have you tried it based on the howto?

Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm)

clear text + BASIC - works!
clear text + DIGEST - works!
MD5 digest + BASIC - works!
SHA digest + BASIC - works!
MD5 digest + DIGEST - doesn't work!
SHA digest + DIGEST - doesn't work!

Strangely, if I enter the digested password, it passes.

Best regards,
-- Shinobu Kawai

--
Shinobu Kawai [EMAIL PROTECTED]
Re: Using Digested Passwords and DIGEST Authentication at the same time.
Hi Phillip,

Thanks for the information.

> - Not all browsers supported DIGEST authentication, so you can't guarantee that all clients will be able to authenticate... Internet Explorer and Konqueror are two browsers that do support DIGEST authentication. Mozilla 1.0 claims to recognize the DIGEST request (0.9 doesn't even recognize this), but can't authenticate.

This is cleared, since we are using IE 6.

> - DIGEST authentication doesn't work if the passwords are digested on the Tomcat side (so that they can't be read as cleartext) because of the way that DIGEST mechanism calculates its digest. First of all the browser calculates a digest of the username, the password, the URL, the HTTP method, and a random string sent to it by the server. Likewise, the server creates a digest to verify that the details entered by the user are correct. However, as the password is already digested on the server, and thus completely different from the cleartext version entered into the browser, the two digests will be different, and authentication will fail...

So here's my problem.

I looked further into this, and found a solution, which I would like to share.

First, if you take a look at the DIGEST authentication spec at http://www.faqs.org/rfcs/rfc2617.html you will see in section 3.2.2.2 A1 that for MD5, the hashed result depends on username, realm and password. Which means, if I couple the usernames with the realm, it is possible to hash the passwords stored in the server.

Next, I found where the A1 is being calculated in Tomcat:

    RealmBase#getDigest(String username, String realmName)

If I override this method to return the hashed password, the digested password and DIGEST authentication should work together.

In order to test my theory, I have created a Realm that does the above, extending MemoryRealm:

http://sylow.no-ip.com/pub/apache/jakarta/tomcat/DigestableMemoryRealm.java

I set it in my Context using:

    <Context path="/shinobu" docBase="shinobu" workDir="work\Catalina\localhost\shinobu">
      <Realm className="org.ieee.shinobu.demo.tomcat.DigestableMemoryRealm"
             digest="MD5" pathname="conf/shinobu-users.xml" />
    </Context>

Inside my shinobu-users.xml:

    <tomcat-users>
      <role rolename="shinobu.admin"/>
      <user username="md5a1_admin" password="57348f05c8378963c2d52ec456f6b6fd" roles="shinobu.admin"/>
    </tomcat-users>

The password is md5a1_admin:Shinobu's domain:shinobu_admin digested with MD5.

I set authentication to DIGEST in my web.xml:

    <web-app>
      <security-constraint>
        <web-resource-collection>
          <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>shinobu.admin</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>Shinobu's domain</realm-name>
      </login-config>
      <security-role>
        <role-name>shinobu.admin</role-name>
      </security-role>
    </web-app>

I access http://localhost:8080/shinobu/admin/ and voilà! It works!

Best regards,
-- Shinobu Kawai
-- Shinobu Kawai [EMAIL PROTECTED]
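The results reported in this thread (a realm digest breaks DIGEST, typing the stored hash "strangely" passes, storing A1 works), worked through as an added example that is not part of the original posts and is not Tomcat code. It models both sides of the RFC 2617 computation; the user name, realm, password and URI are the ones in the post above, while the nonce, cnonce and nc values and all function names are constructed for the illustration.

```python
import hashlib
import hmac

# Values from the post; nonce, cnonce and nc are constructed for this example.
USER, REALM, PASSWORD = "md5a1_admin", "Shinobu's domain", "shinobu_admin"
CHALLENGE = {"method": "GET", "uri": "/shinobu/admin/",
             "nonce": "constructed-nonce-0001", "qop": "auth",
             "nc": "00000001", "cnonce": "constructed-cnonce"}


def md5_hex(text):
    """Hex MD5, the H() used by every step of RFC 2617 with algorithm=MD5."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, secret):
    """H(A1), RFC 2617 section 3.2.2.2: MD5(username ":" realm ":" password)."""
    return md5_hex(f"{username}:{realm}:{secret}")


def request_digest(ha1_hex, c):
    """request-digest, RFC 2617 section 3.2.2.1, with or without qop."""
    ha2 = md5_hex(f"{c['method']}:{c['uri']}")
    if c.get("qop"):
        return md5_hex(f"{ha1_hex}:{c['nonce']}:{c['nc']}:{c['cnonce']}:{c['qop']}:{ha2}")
    return md5_hex(f"{ha1_hex}:{c['nonce']}:{ha2}")


def browser_response(username, realm, typed_password, c):
    """Client side: the browser only knows what the user typed."""
    return request_digest(ha1(username, realm, typed_password), c)


def server_accepts(stored, stored_is_ha1, username, realm, client_resp, c):
    """Server side check.

    stored_is_ha1=False models a realm that treats the stored credential as
    the password and derives H(A1) from it. True models the override described
    in the post, where the stored value is handed back as H(A1) directly.
    """
    server_ha1 = stored if stored_is_ha1 else ha1(username, realm, stored)
    return hmac.compare_digest(request_digest(server_ha1, c), client_resp)


def run_matrix(c=CHALLENGE):
    """Replay the combinations discussed in the thread; True means login succeeds."""
    real = browser_response(USER, REALM, PASSWORD, c)
    hash_typed = browser_response(USER, REALM, md5_hex(PASSWORD), c)
    pw_md5 = md5_hex(PASSWORD)
    return {
        "cleartext store": server_accepts(PASSWORD, False, USER, REALM, real, c),
        "MD5(password) store": server_accepts(pw_md5, False, USER, REALM, real, c),
        "MD5(password) store, hash typed": server_accepts(pw_md5, False, USER, REALM, hash_typed, c),
        "H(A1) store": server_accepts(ha1(USER, REALM, PASSWORD), True, USER, REALM, real, c),
        # H(A1) binds the realm name: a hash made for another realm-name fails.
        "H(A1) store, other realm": server_accepts(ha1(USER, "Other realm", PASSWORD), True, USER, REALM, real, c),
    }


if __name__ == "__main__":
    for case, ok in run_matrix().items():
        print(f"{case:35s} {'works' if ok else 'fails'}")
```

A stored H(A1) is still password-equivalent for that one realm, since anyone who can read it can compute valid responses, so the user file or table needs the same protection as a cleartext store. Changing `realm-name` in web.xml invalidates every stored H(A1).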
RE: DIGEST Authentication in Tomcat 4 vs Tomcat 5
Hi,

AFAIK, Digested passwords work just fine in both the Memory and JDBC Realms. I haven't tried it with a JNDI, LDAP, or JAAS Realm. The doc page for Realms is at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#Digested%20Passwords. This is for Tomcat 5, I haven't tested it for 4.x (you should upgrade to 5 anyways if possible for you).

Yoav Shapira
Millennium Research Informatics

-----Original Message-----
From: Anderson, M. Paul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 05, 2004 6:30 PM
To: 'Tomcat Users List'
Subject: DIGEST Authentication in Tomcat 4 vs Tomcat 5

Can anyone point me to information concerning whether or not DIGEST authentication works in Tomcat 4 and/or Tomcat 5? I have only found conflicting information on the web as well as in several books. Is there a tutorial out there somewhere that would help me set this up?

I have seen comments such as Container managed digest authentication is broken in almost all of Tomcat 4.1's realm implementations. Is this true? Have they been fixed in 5?

Thanks a million!
RE: DIGEST Authentication in Tomcat 4 vs Tomcat 5
There have been a few issues (see the change log at http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java for details) but these have been fixed in both TC4 and TC5. The latest TC4 release (4.1.30) does not contain these fixes - hopefully there will be a 4.1.31 release soon. However, you should update to TC5 if you can as it is now the main focus of development effort.

Mark

-----Original Message-----
From: Anderson, M. Paul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 05, 2004 11:30 PM
To: 'Tomcat Users List'
Subject: DIGEST Authentication in Tomcat 4 vs Tomcat 5

Can anyone point me to information concerning whether or not DIGEST authentication works in Tomcat 4 and/or Tomcat 5? I have only found conflicting information on the web as well as in several books. Is there a tutorial out there somewhere that would help me set this up?

I have seen comments such as Container managed digest authentication is broken in almost all of Tomcat 4.1's realm implementations. Is this true? Have they been fixed in 5?

Thanks a million!
DIGEST Authentication in Tomcat 4 vs Tomcat 5
Can anyone point me to information concerning whether or not DIGEST authentication works in Tomcat 4 and/or Tomcat 5? I have only found conflicting information on the web as well as in several books. Is there a tutorial out there somewhere that would help me set this up?

I have seen comments such as Container managed digest authentication is broken in almost all of Tomcat 4.1's realm implementations. Is this true? Have they been fixed in 5?

Thanks a million!
DIGEST Authentication question
Hi guys.

I'm having trouble setting up DIGEST authentication for a single webapp in Tomcat 5.0.27. Has anyone done it successfully? I'd appreciate some guidance in this area.

Alex
Re: Does tomcat5 support digest authentication?
There is only very minimal support for DIGEST authentication. So minimal that in practice I can't see how it could be of any use at this point in time. It is on the list to be improved, but no idea for when:

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/status.html

-------- Original Message --------
Message-ID: [EMAIL PROTECTED]
Date: Thu, 22 Jul 2004 20:35:13 -0700 (PDT)
From: jiesheng zhang [EMAIL PROTECTED]
Subject: Does tomcat5 support digest authentication?
To: [EMAIL PROTECTED]

I think it supports digest authentication. However I cannot make it work even in the simplest case. I have a basic tomcat 5 installation with one of my web applications. I'd like to use digest authentication (I do not send password to server in clear text). The configuration is like this:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>Tomcat Supported Realm</realm-name>
    </login-config>
    <security-role>
      <description>An example role defined in "conf/tomcat-users.xml"</description>
      <role-name>tomcat</role-name>
    </security-role>

However, it does not work. I always get 403 (access is denied error). If I use BASIC authentication, everything works fine. I searched the mail list. It seemed other people also have this problem. However there is no solution posted for it.

Has anyone got digest authentication to work? If anyone has, what extra steps/cautions should I take?

Thanks
Does tomcat5 support digest authentication?
I think it supports digest authentication. However I cannot make it work even in the simplest case. I have a basic tomcat 5 installation with one of my web applications. I'd like to use digest authentication (I do not send password to server in clear text). The configuration is like this:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>Tomcat Supported Realm</realm-name>
    </login-config>
    <security-role>
      <description>An example role defined in conf/tomcat-users.xml</description>
      <role-name>tomcat</role-name>
    </security-role>

However, it does not work. I always get 403 (access is denied error). If I use BASIC authentication, everything works fine. I searched the mail list. It seemed other people also have this problem. However there is no solution posted for it.

Has anyone got digest authentication to work? If anyone has, what extra steps/cautions should I take?

Thanks
Re: Authentication method 'DIGEST'
UserDatabase doesn't support DIGEST. In fact, it could be that only MemoryRealm (which supports everything) does. However, I can't be bothered to look :).

[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> Does anyone know if the DIGEST authentication is supported by Tomcat 5?
>
> I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a HTTP Status 403 - Access to the requested resource has been denied
>
> With the same configuration, changing only the method from DIGEST to BASIC works without problems.
RE: Authentication method 'DIGEST'
Sure Tom, the development machine is Windows (XP) and in a domain, so that can only be NT or Active Directory. Also have a test Win2K machine (standalone), with the same behaviour. None of this should change anything AFAIK, since it is with the default UserDatabase, we do not use JAAS or anything.

----- Original Message -----
From: [EMAIL PROTECTED]
Sent: Mon, 12 Jul 2004 14:53:42 +0100

What kind of Windows environment are you in? I think you've got to be a NT or Active Directory domain.

Tom Burke

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 2:28 PM
Subject: Authentication method 'DIGEST'

Does anyone know if the DIGEST authentication is supported by Tomcat 5?

I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a HTTP Status 403 - Access to the requested resource has been denied

With the same configuration, changing only the method from DIGEST to BASIC works without problems.
RE: Authentication method 'DIGEST'
Sure Tom, the development machine is Windows (XP) and in a domain, so that can only be NT or Active Directory. We also have a test Win2K machine (standalone), with the same behaviour. None of this should change anything AFAIK, since it is with the default UserDatabase (the XML file). We do not use JAAS or anything.

----- Original Message -----
From: [EMAIL PROTECTED]
Sent: Mon, 12 Jul 2004 14:53:42 +0100

What kind of Windows environment are you in? I think you've got to be a NT or Active Directory domain.

Tom Burke

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 2:28 PM
Subject: Authentication method 'DIGEST'

Does anyone know if the DIGEST authentication is supported by Tomcat 5?

I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a HTTP Status 403 - Access to the requested resource has been denied

With the same configuration, changing only the method from DIGEST to BASIC works without problems.
Authentication method 'DIGEST'
Does anyone know if the DIGEST authentication is supported by Tomcat 5?

I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a HTTP Status 403 - Access to the requested resource has been denied

With the same configuration, changing only the method from DIGEST to BASIC works without problems.
Re: Authentication method 'DIGEST'
What kind of Windows environment are you in? I think you've got to be a NT or Active Directory domain.

Tom Burke

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 12, 2004 2:28 PM
Subject: Authentication method 'DIGEST'

Does anyone know if the DIGEST authentication is supported by Tomcat 5?

I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a HTTP Status 403 - Access to the requested resource has been denied

With the same configuration, changing only the method from DIGEST to BASIC works without problems.
Re: tomcat-user Digest 18 May 2004 12:51:46 -0000 Issue 4449
On May 18, 2004, at 8:51 AM, [EMAIL PROTECTED] wrote:

> From: [EMAIL PROTECTED]
> Date: May 18, 2004 7:39:32 AM EDT
> To: [EMAIL PROTECTED]
> Subject: RE: please take me off the mailing list!
>
> Have you followed the instructions at the end of the message?

Yes I have. I've sent mail to [EMAIL PROTECTED], and to [EMAIL PROTECTED], neither of which have gotten any responses.

I'm sorry to bother the whole list with this, but I must have sent about a half-dozen unsubscribe requests to the above addresses over the past few weeks, and they all seem to have fallen into a black hole.
RE: tomcat-user Digest 18 May 2004 12:51:46 -0000 Issue 4449
Has your mail address changed or do you now use a different address than in your subscription?

Look at the return path of the mails you receive from the list and you get:

Return-Path: tomcat-user-return-26788-your name=your domain@jakarta.apache.org

If that doesn't match roy=panix.com use this address to unsubscribe:

tomcat-user-unsubscribe-your name=your domain@jakarta.apache.org

-----Original Message-----
From: Roy Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 5:10 PM
To: Tomcat Users List
Cc: Roy Smith
Subject: Re: tomcat-user Digest 18 May 2004 12:51:46 -0000 Issue 4449

On May 18, 2004, at 8:51 AM, [EMAIL PROTECTED] wrote:
realms - password digest schemas
Hi All,

I have to migrate with user accounts from ldap server to db server. Until now I was using JNDIRealm, now I have to move to DataSourceRealm. In the ldap directory user passwords are stored in {foo}passwd schema, where foo could be crypt, md5 or sha. Existing realms assume hardcoded digest in the configuration, so I cannot store passwords in my database in different schemas.

My question is - are there any plans to add such feature to tomcat realms (I mean - defining the password digest per password in a {foo}passwd scheme)?

btw. I have been browsing this mailing list and I have found some notes about some plans, that's why this mail is not sent to the developer list.

regards,
bartek
Re: tomcat-user Digest 4 Mar 2004 15:10:03 -0000 Issue 4116
On Mar 4, 2004, at 10:10 AM, [EMAIL PROTECTED] wrote:

> I have several classes that use AdventNet SNMP packages. One of them sends snmpSet() to several remote devices. If I run the class from a console Java application, it works ok (running on the same host where Tomcat is residing). But if I call it from a JSP page, the snmpSet() returns a timeout trying to communicate with IP w.x.y.z error.
>
> I tried a workaround: instead of using the AdventNet class, I used a Runtime.getRuntime().exec() call to execute a command line /usr/bin/snmpset command. Again, if I run the snmpset command from a shell prompt, it works ok. But if I run it from a JSP page, I get a communication timeout (cannot reach the remote IP).
>
> I wrote a small Perl CGI script that runs the same snmpset command, and it works just fine on the same host.

I'm not familiar with AdventNet in particular, so this is just a guess, but is it possible there's something missing in the environment when run under tomcat that the library needs? Maybe an environment variable that points to a MIB directory or something? Maybe it gets the community string from the environment? An incorrect community string would result in a timeout.

Do you have an ethernet sniffer (tcpdump, ethereal, snoop, etc)? Watch port 161. Do you see any request packets go out? What happens when you try doing a get instead of a set?
manager webapp % digest auth
Has anyone here tried setting /manager webapp to use DIGEST instead of BASIC? I just tried it this morning and it didn't work for me.

peter
digest password setup
Hi,

I have installed Tomcat as usual. Now I want to use digest password with tomcat database by adding digest=MD5 to the realm. But, when I do that, how do I get back in? The original password in the tomcat-user.xml file is normal text. And during the login after the digest is setup, it is using the digest algorithm which is not matching the original password.

I hope I was clear enough. Any help would be nice.

James Ostad
Application Developer/Analyst
TMS Department
Ex. 4457
E-mail: [EMAIL PROTECTED]
RE: digest password setup
Simply change the password using MD5 and put it in the proper database field. The link below explains how to do this.

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Passwords

Vinh

-----Original Message-----
From: Ostad, James [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 11:50 AM
To: Tom (E-mail)
Subject: digest password setup

Hi,

I have installed Tomcat as usual. Now I want to use digest password with tomcat database by adding digest=MD5 to the realm. But, when I do that, how do I get back in? The original password in the tomcat-user.xml file is normal text. And during the login after the digest is setup, it is using the digest algorithm which is not matching the original password.

I hope I was clear enough. Any help would be nice.

James Ostad
Application Developer/Analyst
TMS Department
Ex. 4457
E-mail: [EMAIL PROTECTED]
RE: digest password setup
Hi,

I am putting the following command from the URL you sent me to:

    java org.apache.catalina.realm.RealmBase \
        -a {algorithm} {cleartext-password}

But I am getting error of the class not found. My classpath does include the jar file.

Any suggestion?

thanks,
James

-----Original Message-----
From: Vinh Tran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 12:24 PM
To: Tomcat Users List
Subject: RE: digest password setup

Simply change the password using MD5 and put it in the proper database field. The link below explains how to do this.

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Passwords

Vinh
RE: digest password setup
You need to set your classpath properly. Read the last line from the URL I sent you...

[excerpt] To use either of the above techniques, the $CATALINA_HOME/server/lib/catalina.jar file will need to be on your class path to make the RealmBase class available.

Vinh

-----Original Message-----
From: Ostad, James [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 12:39 PM
To: Tomcat Users List
Subject: RE: digest password setup

Hi,

I am putting the following command from the URL you sent me to:

    java org.apache.catalina.realm.RealmBase \
        -a {algorithm} {cleartext-password}

But I am getting error of the class not found. My classpath does include the jar file.

Any suggestion?

thanks,
James
RE: digest password setup
Hi again,

It is asking for credential:

    usage: realmbase -a algorithm credentials

What am I supposed to put in place of credentials? I have tried a text file with the password in it. It did not work.

Any suggestion?

thanks,
James

-----Original Message-----
From: Vinh Tran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 1:23 PM
To: Tomcat Users List
Subject: RE: digest password setup

You need to set your classpath properly. Read the last line from the URL I sent you...

[excerpt] To use either of the above techniques, the $CATALINA_HOME/server/lib/catalina.jar file will need to be on your class path to make the RealmBase class available.

Vinh
RE: digest password setup
Got them. Thanks for help. I had to drop the \ in the formula.

James

-----Original Message-----
From: Ostad, James
Sent: Tuesday, December 09, 2003 1:46 PM
To: Tomcat Users List
Subject: RE: digest password setup

Hi again,

It is asking for credential:

    usage: realmbase -a algorithm credentials

What am I supposed to put in place of credentials? I have tried a text file with the password in it. It did not work.

Any suggestion?

thanks,
James
RE: digest password setup
I am trying to use digest password with form based login, using tomcat database. I converted admin password to md5 format, and put it into tomcat-users.xml. I am able to login as admin. But when I create a new user, the password is being saved as text. Isn't it supposed to be encrypted, md5 format?

Any suggestion?

thanks,
James

-----Original Message-----
From: Ostad, James
Sent: Tuesday, December 09, 2003 2:01 PM
To: Tomcat Users List
Subject: RE: digest password setup

Got them. Thanks for help. I had to drop the \ in the formula.

James
RE: digest password setup
I got my own answer. I have to either enter the digested password in the tomcat-users.xml, or via the admin tool. Appreciate your help.
James

-Original Message-
From: Ostad, James
Sent: Tuesday, December 09, 2003 2:13 PM
To: Tomcat Users List
Subject: RE: digest password setup

I am trying to use digest password with form based login, using tomcat database. I converted admin password to md5 format, and put it into tomcat-users.xml. I am able to login as admin. But when I create a new user, the password is being saved as a text. Isn't it supposed to be encrypted, md5 format? Any suggestion?
thanks, James

-Original Message-
From: Ostad, James
Sent: Tuesday, December 09, 2003 2:01 PM
To: Tomcat Users List
Subject: RE: digest password setup

Got them. Thanks for help. I had to drop the \ in the formula.
James

-Original Message-
From: Ostad, James
Sent: Tuesday, December 09, 2003 1:46 PM
To: Tomcat Users List
Subject: RE: digest password setup

Hi again, It is asking for credential:

usage: realmbase -a algorithm credentials

What am I supposed to put in place of credentials? I have tried a text file with the password in it. It did not work. Any suggestion?
thanks, James

-Original Message-
From: Vinh Tran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 1:23 PM
To: Tomcat Users List
Subject: RE: digest password setup

You need to set your classpath properly. Read the last line from the URL I sent you...

[excerpt] To use either of the above techniques, the $CATALINA_HOME/server/lib/catalina.jar file will need to be on your class path to make the RealmBase class available.

Vinh

-Original Message-
From: Ostad, James [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 12:39 PM
To: Tomcat Users List
Subject: RE: digest password setup

Hi, I am putting the following command from the URL you sent me to:

java org.apache.catalina.realm.RealmBase \
    -a {algorithm} {cleartext-password}

But I am getting error of the class not found. My classpath does include the jar file. Any suggestion,
thanks, James

-Original Message-
From: Vinh Tran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 12:24 PM
To: Tomcat Users List
Subject: RE: digest password setup

Simply change the password using MD5 and put it in the proper database field. The link below explains how to do this.
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Passwords
Vinh

-Original Message-
From: Ostad, James [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 11:50 AM
To: Tom (E-mail)
Subject: digest password setup

Hi, I have installed Tomcat as usual. Now I want to use digest password with tomcat database by adding digest=MD5 to the realm. But, when I do that, how do I get back in? The original password in the tomcat-user.xml file is normal text, and during the login after the digest is set up, it is using the digest algorithm which is not matching the original password. I hope I was clear enough. Any help would be nice.

James Ostad
Application Developer/Analyst
TMS Department Ex. 4457
E-mail: [EMAIL PROTECTED]
[OT] Digest List of Tomcat List(s)
http://jakarta.apache.org/site/mail2.html#Tomcat (I modified/updated this page and committed a little while ago :-D Did you all know that you can subscribe to Daily Digest user/dev list(s) of Tomcat? :-) Happy mailing! -- Tetsuya. ([EMAIL PROTECTED])
RE: RealmBase Digest Method
Thanks Chris - that did the trick!

Rob Abernethy
Dynamic Edge, Inc.

-Original Message-
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 5:35 PM
To: Tomcat Users List
Subject: Re: RealmBase Digest Method

Rob/Thai,

All you need to do is drop the catalina.jar into: /your_webapps/WEB-INF/lib and in your web application:

import org.apache.catalina.realm.RealmBase;
encryptedPassword = RealmBase.Digest(clear_passwd, "MD5");

I'm certainly not an expert, but I figured that putting catalina.jar into the webapp's lib directory might be dangerous. However, writing the code to use Java's built-in MessageDigest class is almost as easy. Code follows:

import java.security.MessageDigest;

/**
 * @author Chris Schultz
 */
public class Digester
{
    private static final char[] hex = "0123456789abcdef".toCharArray();

    /**
     * Returns a message digest of the specified string using the
     * specified digest algorithm.<p>
     *
     * @param cleartext The cleartext string to be digested.
     * @param algorithm The digest algorithm to use (try
     *        <code>MD5</code> or <code>SHA-1</code>).
     *
     * @return A String of hex characters representing the message
     *         digest of the given cleartext string.
     */
    public static String digest(String cleartext, String algorithm)
        throws Exception
    {
        MessageDigest md = MessageDigest.getInstance(algorithm);

        md.update(cleartext.getBytes()); // Might want to use a
                                         // specific char encoding?

        byte[] digest = md.digest();

        StringBuffer sb = new StringBuffer(2*digest.length);

        for(int i=0; i<digest.length; ++i)
        {
            int high = (digest[i] & 0xf0) >> 4;
            int low  = (digest[i] & 0x0f);

            sb.append(hex[high]);
            sb.append(hex[low]);
        }

        return(sb.toString());
    }
}

Hope that helps,
-chris
RealmBase Digest Method
I have used this method from the command-line to create encrypted passwords for use in a JDBCRealm protected web application. I would like to add the ability to create new users on the fly using this same web application while continuing to use the Digest method to create these encrypted passwords. Since this class exists in catalina.jar which is hidden from web applications, is there a better practice for creating these passwords? Or is there a good way to include catalina.jar in the classpath and make it available to web applications?

Rob Abernethy
Dynamic Edge, Inc.
Re: RealmBase Digest Method
Yes Rob,

All you need to do is drop the catalina.jar into: /your_webapps/WEB-INF/lib and in your web application:

import org.apache.catalina.realm.RealmBase;
encryptedPassword = RealmBase.Digest(clear_passwd, "MD5");

Hope this is what you are looking for,
Thai Nguyen

I have used this method from the command-line to create encrypted passwords for use in a JDBCRealm protected web application. I would like to add the ability to create new users on the fly using this same web application while continuing to use the Digest method to create these encrypted passwords. Since this class exists in catalina.jar which is hidden from web applications, is there a better practice for creating these passwords? Or is there a good way to include catalina.jar in the classpath and make it available to web applications?

Rob Abernethy
Dynamic Edge, Inc.
Re: RealmBase Digest Method
Rob/Thai,

All you need to do is drop the catalina.jar into: /your_webapps/WEB-INF/lib and in your web application:

import org.apache.catalina.realm.RealmBase;
encryptedPassword = RealmBase.Digest(clear_passwd, "MD5");

I'm certainly not an expert, but I figured that putting catalina.jar into the webapp's lib directory might be dangerous. However, writing the code to use Java's built-in MessageDigest class is almost as easy. Code follows:

import java.security.MessageDigest;

/**
 * @author Chris Schultz
 */
public class Digester
{
    private static final char[] hex = "0123456789abcdef".toCharArray();

    /**
     * Returns a message digest of the specified string using the
     * specified digest algorithm.<p>
     *
     * @param cleartext The cleartext string to be digested.
     * @param algorithm The digest algorithm to use (try
     *        <code>MD5</code> or <code>SHA-1</code>).
     *
     * @return A String of hex characters representing the message
     *         digest of the given cleartext string.
     */
    public static String digest(String cleartext, String algorithm)
        throws Exception
    {
        MessageDigest md = MessageDigest.getInstance(algorithm);

        md.update(cleartext.getBytes()); // Might want to use a
                                         // specific char encoding?

        byte[] digest = md.digest();

        StringBuffer sb = new StringBuffer(2*digest.length);

        for(int i=0; i<digest.length; ++i)
        {
            // Mask before shifting: Java bytes are signed.
            int high = (digest[i] & 0xf0) >> 4;
            int low  = (digest[i] & 0x0f);

            sb.append(hex[high]);
            sb.append(hex[low]);
        }

        return(sb.toString());
    }
}

Hope that helps,
-chris
help: can't unsubscribe from digest
To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] doesn't work - anyone know why? thanks, Scott
Digest
Hi

In a jsp application I want to calculate digested passwords dynamically. According to the Realm How To ... I write this code in a jsp :

<% String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5"); %>

Here is the result :

org.apache.jasper.JasperException: Unable to compile class for JSP
Generated servlet error: [...] package org.apache.catalina.realm does not exist [...]
[javac] String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5");
[javac]

How can I fix that ? catalina.jar is not in tomcat classpath ?

thks
Re: Digest
Maxime Colas des Francs,

You can copy catalina.jar to \shared\lib. It's OK.

=== 2003-08-06 16:20:00 ===

Hi

In a jsp application I want to calculate digested passwords dynamically. According to the Realm How To ... I write this code in a jsp :

String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5");

Here is the result :

org.apache.jasper.JasperException: Unable to compile class for JSP
Generated servlet error: [...] package org.apache.catalina.realm does not exist [...]
[javac] String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5");
[javac]

How can I fix that ? catalina.jar is not in tomcat classpath ?

thks

[EMAIL PROTECTED] 2003-08-08
Re: Digest
> In a jsp application I want to calculate digested passwords dynamically.
> According to the Realm How To ... I write this code in a jsp :
>
> <% String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5"); %>

Isn't there a Digest method in some, more public place? JAAS or some cryptography?

> Here is the result :
> org.apache.jasper.JasperException: Unable to compile class for JSP
> Generated servlet error: [...] package org.apache.catalina.realm does not exist [...]

In other words, javac has no knowledge of Tomcat's internal classes, as it shouldn't.

> [javac] String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5");
> [javac]
> How can I fix that ? catalina.jar is not in tomcat classpath ?

I'd suggest looking for Digest in some of the public APIs of Java platform. That way you will be transparent to the container (IOW, you'll be able to run your web-app on something other than Tomcat).

Nix.
Re: Digest
I agree with Nikola. Firstly, even if you could access Catalina internals, you are calling the wrong method. You would need to call getDigest(String userName, String Pass). From the RealmBase code, you probably want something like:

<%
MessageDigest md = MessageDigest.getInstance("MD5");
// The digested value is user:realm:password, with a colon on both sides of the realm name.
String preDigest = request.getParameter("user") + ":" + RealmName + ":" + request.getParameter("password");
byte[] pwd = md.digest(preDigest.getBytes());
String digest = toBase64(pwd);
%>

Here, toBase64 is your favorite byte-base64 encoding library.

Nikola Milutinovic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> In a jsp application I want to calculate digested passwords dynamically.
> According to the Realm How To ... I write this code in a jsp :
>
> <% String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5"); %>

Isn't there a Digest method in some, more public place? JAAS or some cryptography?

> Here is the result :
> org.apache.jasper.JasperException: Unable to compile class for JSP
> Generated servlet error: [...] package org.apache.catalina.realm does not exist [...]

In other words, javac has no knowledge of Tomcat's internal classes, as it shouldn't.

> [javac] String digest = org.apache.catalina.realm.RealmBase.Digest(request.getParameter("password"), "MD5");
> [javac]
> How can I fix that ? catalina.jar is not in tomcat classpath ?

I'd suggest looking for Digest in some of the public APIs of Java platform. That way you will be transparent to the container (IOW, you'll be able to run your web-app on something other than Tomcat).

Nix.
Re: Digest
My favorite Base64 library is org.apache.catalina.util.Base64 ;)

-Tim

Bill Barker wrote:

I agree with Nikola. Firstly, even if you could access Catalina internals, you are calling the wrong method. You would need to call getDigest(String userName, String Pass). From the RealmBase code, you probably want something like:

<%
MessageDigest md = MessageDigest.getInstance("MD5");
String preDigest = request.getParameter("user") + ":" + RealmName + ":" + request.getParameter("password");
byte[] pwd = md.digest(preDigest.getBytes());
String digest = toBase64(pwd);
%>

Here, toBase64 is your favorite byte-base64 encoding library.
Re: Digest
Thks for your response ! But I have now another pb.

The javadoc for org.apache.catalina.realm.RealmBase.Digest() says :

... Digest password using the algorithm especificied and convert the result to a corresponding hex string ...

So how to convert my base64(MD5()) digest to the correct hex String ? I try Integer.toHexString on each byte ... no good. MD5 digest for realm auth doesn't seem to be a simple MD5 digest ..

At 06:42 2003-08-07 -0400, you wrote:

My favorite Base64 library is org.apache.catalina.util.Base64 ;)

-Tim

Bill Barker wrote:

I agree with Nikola. Firstly, even if you could access Catalina internals, you are calling the wrong method. You would need to call getDigest(String userName, String Pass). From the RealmBase code, you probably want something like:

<%
MessageDigest md = MessageDigest.getInstance("MD5");
String preDigest = request.getParameter("user") + ":" + RealmName + ":" + request.getParameter("password");
byte[] pwd = md.digest(preDigest.getBytes());
String digest = toBase64(pwd);
%>

Here, toBase64 is your favorite byte-base64 encoding library.
Re: Digest
Without digging into code, I have no clue. So either I can read the source (of how it's done in RealmBase) or you can. (And right now, I'm feeling lazy ;) ) I'm guessing org.apache.catalina.util.HexUtils would be what you want.

-Tim

Maxime Colas des Francs wrote:

Thks for your response ! But I have now another pb.

The javadoc for org.apache.catalina.realm.RealmBase.Digest() says :

... Digest password using the algorithm especificied and convert the result to a corresponding hex string ...

So how to convert my base64(MD5()) digest to the correct hex String ? I try Integer.toHexString on each byte ... no good. MD5 digest for realm auth doesn't seem to be a simple MD5 digest ..

At 06:42 2003-08-07 -0400, you wrote:

My favorite Base64 library is org.apache.catalina.util.Base64 ;)

-Tim
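The hex conversion this thread is circling around, as an added example that is not from any poster or from Tomcat's source: it produces the hex-string form the quoted RealmBase.Digest() javadoc describes using only java.security.MessageDigest, shows why a per-byte Integer.toHexString gives a different string, and also computes the user:realm:password digest that RFC 2617 defines for DIGEST authentication. The class name, method names, account name, realm name and password are assumptions made up for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example: not code from the thread or from Tomcat.
public class RealmDigestExample {

    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /** Hex-encodes bytes as exactly two lower-case characters per byte. */
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(2 * bytes.length);
        for (byte b : bytes) {
            sb.append(HEX[(b & 0xf0) >> 4]); // mask first: Java bytes are signed
            sb.append(HEX[b & 0x0f]);
        }
        return sb.toString();
    }

    /** The per-byte Integer.toHexString attempt from the thread, kept to show the failure. */
    static String naiveHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            // The byte is widened to a signed int, so values >= 0x80 print as
            // eight characters ("ffffff..") and values < 0x10 print as one.
            sb.append(Integer.toHexString(b));
        }
        return sb.toString();
    }

    /** Decodes a hex string; returns null when it is not well-formed hex. */
    static byte[] fromHex(String s) {
        if (s == null || s.length() % 2 != 0) {
            return null;
        }
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                return null;
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    static byte[] rawDigest(String cleartext, String algorithm) throws NoSuchAlgorithmException {
        // Fixed encoding, so the result does not depend on the platform default.
        return MessageDigest.getInstance(algorithm).digest(cleartext.getBytes(StandardCharsets.UTF_8));
    }

    /** Hex digest of the password alone, the form stored for a realm with digest="MD5". */
    static String storedCredential(String password, String algorithm) throws NoSuchAlgorithmException {
        return toHex(rawDigest(password, algorithm));
    }

    /** Hex MD5 of user:realm:password, the A1 value of RFC 2617 DIGEST authentication. */
    static String digestAuthCredential(String user, String realm, String password)
            throws NoSuchAlgorithmException {
        return toHex(rawDigest(user + ":" + realm + ":" + password, "MD5"));
    }

    /** Checks a candidate password against a stored hex digest without an early exit. */
    static boolean matches(String candidate, String storedHex, String algorithm)
            throws NoSuchAlgorithmException {
        byte[] stored = fromHex(storedHex);
        return stored != null && MessageDigest.isEqual(rawDigest(candidate, algorithm), stored);
    }

    public static void main(String[] args) throws Exception {
        // RFC 1321 test vector: MD5 of the empty string.
        byte[] empty = rawDigest("", "MD5");
        if (!toHex(empty).equals("d41d8cd98f00b204e9800998ecf8427e")) {
            throw new IllegalStateException("hex encoder is wrong");
        }
        System.out.println("correct hex : " + toHex(empty));
        System.out.println("naive hex   : " + naiveHex(empty));

        // Constructed sample account, realm name and password.
        String stored = storedCredential("s3cret-example", "MD5");
        System.out.println("realm digest: " + stored);
        System.out.println("DIGEST A1   : "
                + digestAuthCredential("alice", "Example Realm", "s3cret-example"));
        System.out.println("match good  : " + matches("s3cret-example", stored, "MD5"));
        System.out.println("match bad   : " + matches("wrong", stored, "MD5"));
    }
}
```

The password-only form is unsalted, so identical passwords produce identical stored values; the file or table holding them needs the same protection as cleartext credentials.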
digest/form authentication
Is anyone using digest authentication? Or form authentication?
RE: digest/form authentication
If everyone using those, responds we would have a plethora of mails :). Please post your question.

-Original Message-
From: Hirsch, Barbara [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 3:25 PM
To: 'Tomcat Users List'
Subject: digest/form authentication

Is anyone using digest authentication? Or form authentication?
RE: digest/form authentication
Sorry, my question then is how do I configure my tomcat to do either form based or digest authentication? I can't seem to find it in the documentation at Jakarta. I'm also running Tomcat with JBoss and not sure that that matters. Does it?

-Original Message-
From: Sudhir Movva [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 3:34 PM
To: 'Tomcat Users List'
Subject: RE: digest/form authentication

If everyone using those, responds we would have a plethora of mails :). Please post your question.

-Original Message-
From: Hirsch, Barbara [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 3:25 PM
To: 'Tomcat Users List'
Subject: digest/form authentication

Is anyone using digest authentication? Or form authentication?
DIGEST authentication
I can use Basic auth, and FORM-based auth, using the UserDatabaseRealm, with no problem. But when I try to use DIGEST, like this:

<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>UserDatabase</realm-name>
  ...etc

Tomcat obviously recognizes the keyword, because I get prompted by a different type of screen from IE. But I can't authenticate. I've also tried specifying both algorithms, md5 and sha, in the realm tag, but with no effect.

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase" digest="sha" />

Does anybody know what I'm doing wrong?

-Dave Naden
Message Digest severe error when starting Tomcat 4.1
Hi guys, do you know what this message means? Fortunately, my environment is working fine. I guess it's a digital certificate file, named saa.prop, which I had to store on Tomcat.

Digester error
SEVERE: Parse Error at line 59 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*).

Thanks in advance, Euclides.
RE: Message Digest severe error when starting Tomcat 4.1
Ok, I'll take this one again ;)

SEVERE: Parse Error at line 59 column 11: The content of element type web-app must match ...

means you have an error in web.xml. Something is out of order, or a typo, or...

-Original Message-
From: Jose Euclides da Silva Junior - DATAPREVRJ [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 12:36 PM
To: '[EMAIL PROTECTED]'
Subject: Message Digest severe error when starting Tomcat 4.1

Hi guys, do you know what this message means? Fortunately, my environment is working fine. I guess it's a digital certificate file, named saa.prop, which I had to store on Tomcat.

Digester error
SEVERE: Parse Error at line 59 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*).

Thanks in advance, Euclides.
Re: Message Digest severe error when starting Tomcat 4.1
Ditto what Mike said.

John

On Wed, 2 Jul 2003 12:46:43 -0500, Mike Curwen [EMAIL PROTECTED] wrote:

Ok, I'll take this one again ;)

SEVERE: Parse Error at line 59 column 11: The content of element type web-app must match ...

means you have an error in web.xml. Something is out of order, or a typo, or...

-Original Message-
From: Jose Euclides da Silva Junior - DATAPREVRJ [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 12:36 PM
To: '[EMAIL PROTECTED]'
Subject: Message Digest severe error when starting Tomcat 4.1

Hi guys, do you know what this message means? Fortunately, my environment is working fine. I guess it's a digital certificate file, named saa.prop, which I had to store on Tomcat.

Digester error
SEVERE: Parse Error at line 59 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*).

Thanks in advance, Euclides.

-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
Re: tomcat-user Digest 1 Jul 2003 20:23:51 -0000 Issue 3015
Eric J. Pinnell wrote:

I could be wrong...it was my understanding that JK2 was only supported by CoyoteConnector. Since both, I believe, use the AJP13 protocol, I guess it's possible that Ajp13Connector could/would/might work. I know more about what DOES work than what DOESN'T work. ;)

It works *sorta*. It connects and passes data but some freakish things happen once in a while. We had a problem with this configuration (JK2 to Ajp13Connector, that was put in by mistake) and it would do stuff like forget to pass HTTP headers every so often. Weird stuff like that.

Freakish things once in while? Weird stuff? Sounds like what's happening to us...this is with TC 4.0.4 that I have Ajp13Connector with JK2 - I also have a TC 4.1.24 with CoyoteConnector/JK2 running in test and would like to move to that one. Do you have any strange error messages showing up in your Apache log that could be connected to this?

More importantly, to fix this, was it just a matter of substituting Coyote for Ajp13 in server.xml, or was there more to it?

Thanks!
-- Lynn Hollerman.
Re: tomcat-user Digest 1 Jul 2003 20:23:51 -0000 Issue 3015
> Freakish things once in while? Weird stuff? Sounds like what's happening to us...this is with TC 4.0.4 that I have Ajp13Connector with JK2 - I also have a TC 4.1.24 with CoyoteConnector/JK2 running in test and would like to move to that one. Do you have any strange error messages showing up in your Apache log that could be connected to this?

What we saw at first was (with TC 4.1.18) the JMX listeners would throw errors on startup. So we commented out:

<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" debug="0"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" debug="0"/>

Just to make the errors go away. Then we had a debug jsp that spit all the info that the app was using out... values in cookies, headers, and other application specific things. We noticed that sometimes the information the application was looking for was there, and sometimes it wasn't. A specific example would be the 'referer' header that our app needed. Sometimes it was there... sometimes it wasn't.

> More importantly, to fix this, was it just a matter of substituting Coyote for Ajp13 in server.xml, or was there more to it?

By default the correct JK2 connector is enabled:

<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8009" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="8443"
           acceptCount="10" debug="0" connectionTimeout="0"
           useURIValidationHack="false"
           protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

That's the one you want to use. After using this you can uncomment the JMX Listeners. They play nice with Coyote.

-e
Re: tomcat-user Digest 20 Jun 2003 20:21:29 -0000 Issue 2964
Tim,

Thanks for the quick response. That works perfectly. (if you change the != to == in the canIgnoreRewrite routine.) I figured filters were involved, but I couldn't quite figure it out.

Thanks, Mike

Subject: Re: Configuring session Id in URL
From: Tim Funk [EMAIL PROTECTED]
Date: Fri, 20 Jun 2003 12:41:30 -0400
To: Tomcat Users List [EMAIL PROTECTED]

Ouch! But the answer is easy. Filters with HttpServletResponseWrapper. Here is a quick example:

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class NoRewriteFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        ;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        if (canIgnoreRewrite(request)) {
            // Wrap the response so URL rewriting never appends the jsessionid.
            response = new HttpServletResponseWrapper((HttpServletResponse)response) {
                public String encodeRedirectUrl(String url) { return url; }
                public String encodeRedirectURL(String url) { return url; }
                public String encodeUrl(String url) { return url; }
                public String encodeURL(String url) { return url; }
            };
        }
        chain.doFilter(request,response);
    }

    public void destroy() {
        ; // no-op
    }

    protected boolean canIgnoreRewrite(ServletRequest request) {
        HttpServletRequest r = (HttpServletRequest)request;
        String agent = r.getHeader("user-agent");
        if (agent!=null) // as posted; the reply above changes this != to ==
            return false;
        agent = agent.toLowerCase();
        return agent.indexOf("googlebot")>-1;
    }
}

-Tim

Mike Heckler wrote:

Is there a way to tell tomcat to NOT place the session ID in a url (even when the client doesn't support cookies) based on IP or user-agent? The problem I'm having is with search engines (especially google) not indexing my entire site because the URLs have the jsessionid in them. I'd like to support browsers with cookies turned off, but at the same time not send the jsessionids to certain clients. I've looked around and can't seem to even the question anywhere, let alone the answer.

Thanks, Mike Heckler
DIGEST authentication!
Hi,

I'm using Tomcat 4.1.18, Apache 1.3.27 and mod_jk as the connector. I want to implement DIGEST authentication on tomcat. I implemented already the BASIC authentication which is working fine. But if I want to change to DIGEST it doesn't work anymore. This is the contents of my web.xml

<security-constraint>
  <web-resource-collection>
    <web-resource-name>test</web-resource-name>
    <url-pattern>/servlet/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>DIGEST</auth-method>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>

I also changed the passwords in tomcat-user.xml to their digest representations and added digest=MD5 to the realm in the server.xml. But it doesn't work. Any ideas?

Regards, Uwe
Re: tomcat-user Digest 24 Mar 2003 14:25:20 -0000 Issue 2463
This could be caused by your servlet setting an incorrect content length. If you set the content length to be less than the actual size of the page this is what happens,

Cheers, Cam.

I met this problem. My html page showed incompletely. Sometimes html tag like TD is showed, and sometimes only half of the whole result showed. I read the source of the html, it seems browser got incomplete html. I'm using Tomcat4.1.18, Apache1.3.12 and mod_Jk2. OS is solaris8. Thanks for any help

Regards, Xiaoling
Re: How to turn on secure (MD5 Digest) version of WebDAV?
I am just using the memory realm (by default). So do you just use DIGEST to turn on the MD5 secure logon?

<auth-method>DIGEST</auth-method>

--Basil Bourque

What Security Realm are you using? JDBC, JNDI, MemoryRealm? I have had problems with DIGEST authentication for JDBC and JNDIRealm. I had to implement getPassword() and getPrincipal() methods to make it work with digest authentication.

-- Uddhav

- Original Message -
From: Basil Bourque [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 17, 2003 7:54 AM
Subject: How to turn on secure (MD5 Digest) version of WebDAV?

How does one turn on the secure logon feature (MD5 Digest) in Tomcat's WebDAV server? I cannot find any documentation on the auth-method parameter in the virtual host's web.xml file:

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Supported Realm</realm-name>
</login-config>
How to turn on secure (MD5 Digest) version of WebDAV?
How does one turn on the secure logon feature (MD5 Digest) in Tomcat's WebDAV server? I cannot find any documentation on the auth-method parameter in the virtual host's web.xml file:

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Supported Realm</realm-name>
</login-config>

I tried replacing BASIC with DIGEST. I am not sure if it is working or not, but my WebDAV client (Mac OS X Finder) fails to connect, with the logon dialog repeatedly displayed. The Finder connects properly if I use the BASIC value. I looked in the Tomcat documentation, perused Remy's source code, googled, and even searched the 43,000 messages I've archived from this list, but I cannot locate information about the auth-method. I have Tomcat 4.1.21 beta running on Mac OS X 10.2.4 with Java 1.4.1. --Basil Bourque
Re: How to turn on secure (MD5 Digest) version of WebDAV?
What Security Realm are you using? JDBC, JNDI, MemoryRealm? I have had problems with DIGEST authentication for JDBC and JNDIRealm. I had to implement getPassword() and getPrincipal() methods to make it work with digest authentication. -- Uddhav

- Original Message - From: Basil Bourque [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 17, 2003 7:54 AM Subject: How to turn on secure (MD5 Digest) version of WebDAV?

How does one turn on the secure logon feature (MD5 Digest) in Tomcat's WebDAV server? I cannot find any documentation on the auth-method parameter in the virtual host's web.xml file:

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Supported Realm</realm-name>
</login-config>

I tried replacing BASIC with DIGEST. I am not sure if it is working or not, but my WebDAV client (Mac OS X Finder) fails to connect, with the logon dialog repeatedly displayed. The Finder connects properly if I use the BASIC value. I looked in the Tomcat documentation, perused Remy's source code, googled, and even searched the 43,000 messages I've archived from this list, but I cannot locate information about the auth-method. I have Tomcat 4.1.21 beta running on Mac OS X 10.2.4 with Java 1.4.1. --Basil Bourque
digest
I am trying to set up my web app to use the DIGEST authentication. I have found references to using the following in the web.xml file:

<web-app>
  . .
  <login-config>
    <auth-method>DIGEST</auth-method>
  </login-config>
</web-app>

I have also seen a reference to modifying the server.xml file and specifying digest=MD5 for the Realm. I just want to end up with MD5 encrypted passwords in the tomcat-users.xml file vs. clear text. Thanks. Stan Henderson, Software Engineer IBM Security Products Development Internet: [EMAIL PROTECTED] Notes: Stan Henderson/Austin/[EMAIL PROTECTED] Phone: 512-436-4776 T/L: 749-4776
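An added example (not from any poster in this thread, and not Tomcat code) bearing on the two messages above that combine auth-method DIGEST with digested passwords in the user file: under RFC 2617 the server checks a DIGEST login by recomputing the client's response from MD5(username:realm:password), so the form in which the password hash is stored decides whether verification can succeed. The function names are hypothetical, the request values are the worked example from RFC 2617 section 3.5, and the alternative realm string is constructed.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """RFC 2617 H(A1): the only password-derived value the server needs."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    """request-digest for qop=auth (RFC 2617 section 3.2.2.1)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(stored_hash: str, request: dict) -> bool:
    """Server side: recompute the response from the stored hash, then compare."""
    expected = digest_response(stored_hash, request["method"], request["uri"],
                               request["nonce"], request["nc"], request["cnonce"])
    return hmac.compare_digest(expected, request["response"])

# Sample values: the worked example from RFC 2617 section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
REQUEST = {
    "method": "GET", "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
}
# What the browser sends once the user has typed the clear-text password.
REQUEST["response"] = digest_response(ha1(USER, REALM, PASSWORD), **REQUEST)

# Three ways the user file could hold the password (last realm is constructed).
STORED_FORMS = {
    "MD5(username:realm:password)": ha1(USER, REALM, PASSWORD),
    "MD5(password)": md5_hex(PASSWORD),
    "MD5(username:other-realm:password)": ha1(USER, "localhost:8080", PASSWORD),
}

def check_all() -> dict:
    """Map each stored form to whether the server could verify the login."""
    return {label: server_accepts(h, REQUEST) for label, h in STORED_FORMS.items()}

if __name__ == "__main__":
    for label, ok in check_all().items():
        print(f"{label:36} -> {'200' if ok else '401'}")
```

The realm string inside the stored hash has to be the one the server sends in its WWW-Authenticate challenge, which is why the third form fails even though the password is correct.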
Realm digest setting for mySql?
I am setting up a JDBC realm using mySql. I would like to be able to validate against passwords that are stored using the mySql Password() function. Can anyone tell me what the digest attribute in Realm should be set to? Many thanks. Gregg
Re: tomcat-user Digest 3 Feb 2003 17:27:41 -0000 Issue 2142
On Monday, February 3, 2003, [EMAIL PROTECTED] wrote: Craig R. McClanahan [EMAIL PROTECTED] wrote: Are both Tomcat and Resin within spec in implementing different behaviors here? If so, what is the correct point in the lifecycle to reset attribute values in a TagSupport object? Sounds like they are to me. The JSP page compiler has the option to optimize out the second call to the setters, because tag instances can only be shared if the combination of attribute values is identical (as they are in your case above), but it's not required.

That may be the missing piece: that tag instances can only be shared *if the combination of attribute values is identical*. I originally wrote my code the way you described, but I thought I was seeing cases where tag instances were being shared even when the attributes weren't identical. Since I didn't know what the exact behavior to expect was, I might have misread some other problem. A quick rewrite of my code in the way you suggested seems to be behaving correctly. Gary McGath http://www.mcgath.com/