tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cmanola...@yahoo.com>
Subject Re: Digest authentication in Tomcat?
Date Fri, 07 Sep 2001 15:38:01 GMT
Hi Attila,

Tomcat 3.x standalone doesn't support digest auth. If you can contribute
code - it would be great.

I'm presonally more interested in making sure Apache/IIS/NES is well
integrated and allows the real server do the authentication - but I know
few people who love tomcat standalone :-).

Given the timeframe ( we're late in beta ), I'm not sure we can add the
digest support in the 'standard' release of 3.3 ( and less likely in a
bugfix release of 3.2.x ), however it would be an excelent candidate for
an 'independent' module.

In 3.3 we tried to make it easy to add modules ( and all the
functionality is implemented in modules ), it's just like adding a
webapplication. The idea is to reduce the pressure on the official
release, reduce the 'featurism', keep tomcat simple, etc.


Costin


On Fri, 7 Sep 2001, Attila Szegedi wrote:

> Hi!
>
> If I see correctly (after testing for it and browsing source extensively),
> the 3.2 product line of Tomcat does not support the Digest authentication
> scheme (RFC 2069). Could you confirm this? Also, please let me know if 3.3
> or 4.0 support Digest.
>
> In case they don't, I'm ready to provide an implementation (in fact, I
> already started working on it). The issue is a bit tricky as right now all
> available Realm implementations (the SimpleRealm and the JDBCRealm) assume
> the password can be extracted from the request, and this is (fortunately!)
> not true for Digest. I have an elegant idea for working around it, however I
> wouldn't like to reinvent the wheel, so please let me know if this is
> already done.
>
> NB: I need Digest so that I can have a fully compliant WebDAV service, since
> the page 78 of RFC 2518 clearly states that "WebDAV applications MUST
> support the Digest authentication scheme". In face of this, the Tomcat's
> peer project Slide can also not achieve full WebDAV compliance if it lacks
> Digest authentication.
>
> Cheers,
>   Attila.
>
>


Mime
View raw message