tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Attila Szegedi" <>
Subject Digest authentication in Tomcat?
Date Fri, 07 Sep 2001 08:51:11 GMT

If I see correctly (after testing for it and browsing source extensively),
the 3.2 product line of Tomcat does not support the Digest authentication
scheme (RFC 2069). Could you confirm this? Also, please let me know if 3.3
or 4.0 support Digest.

In case they don't, I'm ready to provide an implementation (in fact, I
already started working on it). The issue is a bit tricky as right now all
available Realm implementations (the SimpleRealm and the JDBCRealm) assume
the password can be extracted from the request, and this is (fortunately!)
not true for Digest. I have an elegant idea for working around it, however I
wouldn't like to reinvent the wheel, so please let me know if this is
already done.

NB: I need Digest so that I can have a fully compliant WebDAV service, since
the page 78 of RFC 2518 clearly states that "WebDAV applications MUST
support the Digest authentication scheme". In face of this, the Tomcat's
peer project Slide can also not achieve full WebDAV compliance if it lacks
Digest authentication.


View raw message