tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Attila Szegedi" <szege...@freemail.hu>
Subject Re: Digest authentication in Tomcat?
Date Fri, 07 Sep 2001 16:30:49 GMT

----- Original Message -----
From: <cmanolache@yahoo.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: 2001. szeptember 7. 17:38
Subject: Re: Digest authentication in Tomcat?


>
> In 3.3 we tried to make it easy to add modules ( and all the
> functionality is implemented in modules ), it's just like adding a
> webapplication. The idea is to reduce the pressure on the official
> release, reduce the 'featurism', keep tomcat simple, etc.
>

I'll look into 3.3 architecture. Right now I have a proof-of-concept
implementation coded against 3.2.1 source.
Attila.


>
> Costin
>
>
> On Fri, 7 Sep 2001, Attila Szegedi wrote:
>
> > Hi!
> >
> > If I see correctly (after testing for it and browsing source
extensively),
> > the 3.2 product line of Tomcat does not support the Digest
authentication
> > scheme (RFC 2069). Could you confirm this? Also, please let me know if
3.3
> > or 4.0 support Digest.
> >
> > In case they don't, I'm ready to provide an implementation (in fact, I
> > already started working on it). The issue is a bit tricky as right now
all
> > available Realm implementations (the SimpleRealm and the JDBCRealm)
assume
> > the password can be extracted from the request, and this is
(fortunately!)
> > not true for Digest. I have an elegant idea for working around it,
however I
> > wouldn't like to reinvent the wheel, so please let me know if this is
> > already done.
> >
> > NB: I need Digest so that I can have a fully compliant WebDAV service,
since
> > the page 78 of RFC 2518 clearly states that "WebDAV applications MUST
> > support the Digest authentication scheme". In face of this, the Tomcat's
> > peer project Slide can also not achieve full WebDAV compliance if it
lacks
> > Digest authentication.
> >
> > Cheers,
> >   Attila.
> >
> >
>
>


Mime
View raw message