Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK:

Auth:           BASIC, FORM, DIGEST
Realm:          Memory, UserDatabase, JDBC, DataSource
Passwords:      Cleartext, digested

There is a complication when using digested passwords with the digest realm.

You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Mark


Mark Leone wrote:
I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem to work. I found some articles with Google about IE implementing DIGEST authentication in a way that only worked with MS servers, and I assume that hasn't been corrected. But I'm also using Firefox with the same results as IE. I saw an article about a workaround in Apache server to make DIGEST authentication work with IE, but I didn't see anything about Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to work with ANY browser?

I should mention that I'm also using digested passwords in a JDBC Realm (implemented with mySQL), and I followed the how-to instructions for creating digested passwords to work with DIGEST authentication. And authentication with JDBCRealm works fine when I use BASIC authentication.

For the record, I put the following in the Host element in Server.xml

<Context path="/MyApp" docBase="MyApp">
  <Valve className="org.apache.catalina.authenticator.DigestAuthenticator"
         disableProxyCaching="false" />
</Context>


I put the following in Server.xml's Engine element

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql:///Tomcat_Realm"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>


And I put the following in my app's web.xml

<security-constraint.../> (elided)

 <login-config>
   <auth-method>DIGEST</auth-method>
   <realm-name>JDBCRealm</realm-name>
 </login-config>

 <security-role.../> (elided)

And when I created the digested password to store in my JDBCRealm database, I digested: (username) : JDBCRealm : (password). As you can see, I specified "SHA" as the digest algorithm in Server.xml's <realm> element, and I used SHA to create the digested password that I stored in the database. I assume that the server will prompt the browser to use SHA also when it sends the challenge header requesting DIGEST authentication?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





