shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebastian Audet (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-20) Support HTTP Digest Authentication
Date Thu, 13 Mar 2014 17:35:44 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-20?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13933591#comment-13933591
] 

Sebastian Audet commented on SHIRO-20:
--------------------------------------

The primary issue with getting this done is finding the password. The reference implementation
in Spring Security simply looks up the password for a given username, with an option for it
being already hashed or not. Since it appears Shiro is always assuming that there is a password
for any given username being sent, either the DigestFilter must be able to lookup the user's
password, or the filter must be able to forward the request to an appropriate Realm.

> Support HTTP Digest Authentication
> ----------------------------------
>
>                 Key: SHIRO-20
>                 URL: https://issues.apache.org/jira/browse/SHIRO-20
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Les Hazlewood
>
> Just as we support HTTP Basic Authentication via the BasicHttpAuthenticationFilter, we
should also support HTTP Digest Authentication out of the box as well:
> http://en.wikipedia.org/wiki/Digest_access_authentication



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message