I need to use Container Managed Security and Authentication in my latest project. And I have a couple of queries regarding how to configure a Credential Handler.
1. Firstly how will a CredentialHandler declaration look like ? Can someone provide a sample declaration of the NestedCredentialHandler with the algorithm attribute declared. I need to know since the Digest attribute in Realms has become deprecated. I didn't find any examples on the web and I am utterly confused. 2. Whats the difference between MessageDigestCredentialHandler and SecretKeyCredentialHandler which one is more secure ? 3. SecretKeyCredentialHandler specifies only one algorithm in the documentation which is PBKDF2WithHmacSHA1. What other algorithms are available ? I followed https://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html before writing this mail. Regards Sreyan Chakravarty
