jackrabbit-dev mailing list archives

From "Douglas Jose (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2773) HTTP digest authentication support
Date Wed, 13 Oct 2010 20:36:34 GMT

    [ https://issues.apache.org/jira/browse/JCR-2773?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12920756#action_12920756 ]

Douglas Jose commented on JCR-2773:

I'm going to implement the first three enhancements suggested in the list. Thanks for the

Regarding the UserManager interface, I believe it cannot be used as one of the limitations
of the digest authentication is that it must be aware of the user's password (or the concatenation
of user, realm and password, as currently implemented). As far as I know, the existing user
management mechanism doesn't store the user's clear text password (or any data from which
such password could be derived).

The simultaneous support to basic and digest authentication, as far as I know, cannot be implemented.
The protocol says that the server informs the client which method is being used (via header
parameters); they don't negotiate on which one to use. However, I'm not an expert in such a subject,
so please let me know if I'm wrong; the conclusions I'm taking here are based on the Tomcat
code I used as a reference to understand the protocol.

> HTTP digest authentication support
> ----------------------------------
>                 Key: JCR-2773
>                 URL: https://issues.apache.org/jira/browse/JCR-2773
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-core, jackrabbit-jcr-server, jackrabbit-webapp, security
>            Reporter: Douglas Jose
>         Attachments: http-digest.patch
> I have extended Jackrabbit to allow HTTP digest authentication through WebDAV, as Windows 7 can't connect to a WebDAV repository using basic authentication.
> The implementation is based on Tomcat's source code (I have used it as a reference to implement the same authentication handling in Jackrabbit). I hope that's not a problem.
> In order to enable the digest authentication, you need to:
> - Change the WebDAV servlet from 'org.apache.jackrabbit.j2ee.SimpleWebdavServlet' to 'org.apache.jackrabbit.j2ee.DigestWebdavServlet' in the web.xml file;
> - Change the LoginModule to 'org.apache.jackrabbit.core.security.simple.DigestLoginModule' in the repository.xml file
> - Add the parameter 'passwordsFile' to the DigestLoginModule with the path of the passwords
> - Add to the passwords file created above the user id and the password digest. The utility DigestPasswordUtil in the jackrabbit-jcr-commons project can be used to generate the entry to be appended to the passwords file.
> java -cp target/jackrabbit-jcr-commons-2.2-SNAPSHOT.jar org.apache.jackrabbit.util.DigestPasswordUtil user realm password
> The DigestLoginModule configuration is optional, I believe the DigestWebdavServlet should work normally with the SimpleLoginModule which accepts any credentials.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
