----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: 2001. szeptember 7. 17:38
Subject: Re: Digest authentication in Tomcat?
>
> In 3.3 we tried to make it easy to add modules ( and all the
> functionality is implemented in modules ), it's just like adding a
> webapplication. The idea is to reduce the pressure on the official
> release, reduce the 'featurism', keep tomcat simple, etc.
>
I'll look into 3.3 architecture. Right now I have a proof-of-concept
implementation coded against 3.2.1 source.
Attila.
>
> Costin
>
>
> On Fri, 7 Sep 2001, Attila Szegedi wrote:
>
> > Hi!
> >
> > If I see correctly (after testing for it and browsing source
extensively),
> > the 3.2 product line of Tomcat does not support the Digest
authentication
> > scheme (RFC 2069). Could you confirm this? Also, please let me know if
3.3
> > or 4.0 support Digest.
> >
> > In case they don't, I'm ready to provide an implementation (in fact, I
> > already started working on it). The issue is a bit tricky as right now
all
> > available Realm implementations (the SimpleRealm and the JDBCRealm)
assume
> > the password can be extracted from the request, and this is
(fortunately!)
> > not true for Digest. I have an elegant idea for working around it,
however I
> > wouldn't like to reinvent the wheel, so please let me know if this is
> > already done.
> >
> > NB: I need Digest so that I can have a fully compliant WebDAV service,
since
> > the page 78 of RFC 2518 clearly states that "WebDAV applications MUST
> > support the Digest authentication scheme". In face of this, the Tomcat's
> > peer project Slide can also not achieve full WebDAV compliance if it
lacks
> > Digest authentication.
> >
> > Cheers,
> > Attila.
> >
> >
>
>
