tomcat-users mailing list archives

From "Koes, Derrick" <Derrick.K...@smith-nephew.com>
Subject RE: digest authentication or <auth-method>DIGEST</auth-method>
Date Tue, 05 Nov 2002 18:29:05 GMT


Leave the <auth-method> in the web.xml as BASIC.


-----Original Message-----
From: Frank Balluffi [mailto:frank.balluffi@db.com] 
Sent: Monday, November 04, 2002 6:01 PM
To: tomcat-user@jakarta.apache.org
Subject: digest authentication or <auth-method>DIGEST</auth-method>

I am able to successfully configure Tomcat 4.1.12 to use basic
authentication and access a servlet from IE 5.5. conf/server.xml contains:

      <Realm className = "org.apache.catalina.realm.MemoryRealm"
             pathname  = "conf/tomcat-users.xml" />

conf/tomcat-users.xml contains:

  <role rolename="myapp"/>
  <user username="frank" password="password" roles="myapp"/>

myapp/WEB-INF/web.xml contains:

<web-app>
    <display-name>My Application</display-name>
    <description>My Application</description>
    <servlet-mapping>
        <servlet-name>invoker</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>My Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>myapp</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>My Application</realm-name>
    </login-config>
    <security-role>
        <role-name>myapp</role-name>
    </security-role>
</web-app>

When IE prompts me for the user name and password, I enter "frank" and
"password" and the servlet successfully runs.

When I attempt to configure Tomcat to use digest authentication (and restart
Tomcat), weird things happen. conf/server.xml contains:

      <Realm className = "org.apache.catalina.realm.MemoryRealm"
             digest    = "MD5"
             pathname  = "conf/tomcat-users.xml" />

conf/tomcat-users.xml contains:

  <role rolename="myapp"/>
  <user username="frank" password="5f4dcc3b5aa765d61d8327deb882cf99" roles="myapp"/>

I used the following command to MD5 digest the password "password" [without
the double quotes]:

C:\jakarta-tomcat-4.1.12\server\lib>java org.apache.catalina.realm.RealmBase -a MD5 password
password:5f4dcc3b5aa765d61d8327deb882cf99

myapp/WEB-INF/web.xml contains:

<web-app>
    <display-name>My Application</display-name>
    <description>My Application</description>
    <servlet-mapping>
        <servlet-name>invoker</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>My Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>myapp</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>

        <!--
        The memory realm defined in /conf/server.xml contains no name. Does the
        realm-name value refer to some other configuration value?
        -->

        <realm-name>My Application</realm-name>
    </login-config>
    <security-role>
        <role-name>myapp</role-name>
    </security-role>
</web-app>

If I enter the user name and password "frank" and "password" into IE,
authentication fails. But if I enter "frank" and
"5f4dcc3b5aa765d61d8327deb882cf99", authentication succeeds. I expected
"frank" and "password" to work.

The log file for myapp shows the following:

2002-11-04 17:51:40 WebappLoader[/myapp]: Deploying class repositories to work directory C:\jakarta-tomcat-4.1.12\work\Standalone\localhost\myapp
2002-11-04 17:51:40 WebappLoader[/myapp]: Deploy class files /WEB-INF/classes to C:\jakarta-tomcat-4.1.12\bin\..\webapps\myapp\WEB-INF\classes
2002-11-04 17:51:40 WebappLoader[/myapp]: Reloading checks are enabled for this Context
2002-11-04 17:51:41 ContextConfig[/myapp]: Configured an authenticator for method DIGEST
2002-11-04 17:51:41 StandardManager[/myapp]: Seeding random number generator class java.security.SecureRandom
2002-11-04 17:51:41 StandardManager[/myapp]: Seeding of random number generator has been completed
2002-11-04 17:51:41 StandardWrapper[/myapp:default]: Loading container servlet default
2002-11-04 17:51:41 StandardWrapper[/myapp:invoker]: Loading container servlet invoker

Am I doing something wrong? Do I not understand digest authentication? Any
ideas? Thanks.

Frank
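
Why the hex digest was accepted and "password" was rejected, worked through with the RFC 2617 response computation. This is an added example, not part of the thread and not Tomcat code. It assumes the server treats the value stored in tomcat-users.xml as the password when deriving HA1, which matches the behaviour reported above; the nonce and URI are constructed and qop is omitted.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# Values taken from the post.
USER, REALM = "frank", "My Application"
STORED_MD5 = "5f4dcc3b5aa765d61d8327deb882cf99"  # RealmBase -a MD5 password

# Constructed sample request values (not from the post).
METHOD, URI, NONCE = "GET", "/myapp/servlet/Hello", "constructed-nonce-0001"

def ha1(password):
    """RFC 2617 HA1 = MD5(username:realm:password)."""
    return md5_hex(f"{USER}:{REALM}:{password}")

def response(ha1_hex):
    """RFC 2617 response without qop = MD5(HA1:nonce:HA2)."""
    ha2 = md5_hex(f"{METHOD}:{URI}")
    return md5_hex(f"{ha1_hex}:{NONCE}:{ha2}")

def login_ok(stored, typed, stored_is_ha1=False):
    """Compare the browser's response with the one the server derives.

    stored_is_ha1=False: the server treats the stored value as the password
    (assumed model, consistent with the behaviour described in the post).
    stored_is_ha1=True: the server uses the stored value directly as HA1.
    """
    client = response(ha1(typed))
    server = response(stored if stored_is_ha1 else ha1(stored))
    return hmac.compare_digest(client, server)

def scenarios():
    return {
        "MD5(password) stored, typed 'password'":
            login_ok(STORED_MD5, "password"),
        "MD5(password) stored, typed the hex digest":
            login_ok(STORED_MD5, STORED_MD5),
        "cleartext stored, typed 'password'":
            login_ok("password", "password"),
        "MD5(user:realm:password) stored as HA1, typed 'password'":
            login_ok(ha1("password"), "password", stored_is_ha1=True),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'accept' if ok else 'reject':6}  {name}")
```

With DIGEST the browser never sends the password, so the server cannot hash it for comparison against a stored MD5(password); it can only match if it holds the cleartext password or the HA1 value itself.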

