jackrabbit-dev mailing list archives

From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2773) HTTP digest authentication support
Date Wed, 13 Oct 2010 13:12:34 GMT

    [ https://issues.apache.org/jira/browse/JCR-2773?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12920528#action_12920528 ]

Jukka Zitting commented on JCR-2773:

Looks good, thanks! Some comments:

* The DigestCredentials class is probably best placed in jackrabbit-api. Alternatively it
might be better to avoid the DigestCredentials class entirely and instead use the attributes
feature of the SimpleCredentials class to pass around the digest fields.

* It would be good if the code from Tomcat is labelled with a pointer to the original classes.

* I'd rather avoid putting the digest utility code in jackrabbit-jcr-commons, as it's not
directly related to JCR. It would be better to simply place the utility code in jackrabbit-core
along with the DigestLoginModule class.

* It would be nice if the UserManager interface was used to access the digest password information
instead of an explicit password file.

Additionally, would it be possible to simultaneously support both Basic and Digest authentication,
so that you wouldn't need to modify server configuration based on the kinds of clients you
have accessing the server?

> HTTP digest authentication support
> ----------------------------------
>                 Key: JCR-2773
>                 URL: https://issues.apache.org/jira/browse/JCR-2773
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-core, jackrabbit-jcr-server, jackrabbit-webapp, security
>            Reporter: Douglas Jose
>         Attachments: http-digest.patch
> I have extended Jackrabbit to allow HTTP digest authentication through WebDAV, as Windows 7 can't connect to a WebDAV repository using basic authentication.
> The implementation is based on Tomcat's source code (I have used it as a reference to implement the same authentication handling in Jackrabbit). I hope that's not a problem.
> In order to enable the digest authentication, you need to:
> - Change the WebDAV servlet from 'org.apache.jackrabbit.j2ee.SimpleWebdavServlet' to 'org.apache.jackrabbit.j2ee.DigestWebdavServlet' in the web.xml file;
> - Change the LoginModule to 'org.apache.jackrabbit.core.security.simple.DigestLoginModule' in the repository.xml file
> - Add the parameter 'passwordsFile' to the DigestLoginModule with the path of the passwords
> - Add to the passwords file created above the user id and the password digest. The utility DigestPasswordUtil in the jackrabbit-jcr-commons project can be used to generate the entry to be appended to the passwords file.
> java -cp target/jackrabbit-jcr-commons-2.2-SNAPSHOT.jar org.apache.jackrabbit.util.DigestPasswordUtil user realm password
> The DigestLoginModule configuration is optional, I believe the DigestWebdavServlet should work normally with the SimpleLoginModule which accepts any credentials.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
