tomcat-users mailing list archives

From: Mark Thomas
Subject: Re: DIGEST authentication; Does it work??
Date: Tue, 22 Mar 2005 21:16:50 GMT

Yes it does. I tested this extensively with both IE and Firefox. Any 
combination of the following is OK:

Realm:		Memory, UserDatabase, JDBC, DataSource
Passwords:	Cleartext, digested

There is a complication when using digested passwords with the digest realm.

You need to be using 4.1.x from CVS HEAD or 5.5.8+

For more info see:


Mark Leone wrote:
> I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem 
> to work. I found some articles with Google about IE implementing DIGEST 
> authentication in a way that only worked with MS servers, and I assume 
> that hasn't been corrected. But I'm also using Firefox with the same 
> results as IE. I saw an article about a workaround in Apache server to 
> make DIGEST authentication work with IE, but I didn't see anything about 
> Tomcat. Anyone know of any way to get DIGEST authentication in Tomcat to 
> work with ANY browser?
>
> I should mention that I'm also using digested passwords in a JDBC Realm 
> (implemented with MySQL), and I followed the how-to instructions for 
> creating digested passwords to work with DIGEST authentication. And 
> authentication with JDBCRealm works fine when I use BASIC authentication.
>
> For the record, I put the following in the Host element in Server.xml
>
> <Context path="/MyApp" docBase="MyApp">
>   <Valve className="org.apache.catalina.authenticator.DigestAuthenticator"
>          disableProxyCaching="false" />
> </Context>
>
> I put the following in Server.xml's Engine element
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>        driverName="com.mysql.jdbc.Driver"
>        connectionURL="jdbc:mysql:///Tomcat_Realm"
>        userTable="users" userNameCol="user_name" userCredCol="user_pass"
>        userRoleTable="user_roles" roleNameCol="role_name" digest="SHA"/>
>
> And I put the following in my app's web.xml
>
> <security-constraint.../> (elided)
> <login-config>
>   <auth-method>DIGEST</auth-method>
>   <realm-name>JDBCRealm</realm-name>
> </login-config>
> <security-role.../> (elided)
>
> And when I created the digested password to store in my JDBCRealm 
> database, I digested:  (username) : JDBCRealm : (password). As you can 
> see, I specified "SHA" as the digest algorithm in Server.xml's <realm> 
> element, and I used SHA to create the digested password that I stored in 
> the database. I assume that the server will prompt the browser to use 
> SHA also when it sends the challenge header requesting DIGEST 
> authentication?

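
An added example, not part of the original messages and not Tomcat code: under RFC 2617 the client derives its response from MD5(username:realm:password), so a server that stores only a digest of the credentials can verify that response only when the stored value is that same MD5 digest. The user name, password and function names are assumptions; the realm name `JDBCRealm` and the `SHA` algorithm come from the quoted configuration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_credential(username, realm, password, algorithm):
    """Hex digest of username:realm:password, as kept in the realm's credential column."""
    data = f"{username}:{realm}:{password}".encode("utf-8")
    return hashlib.new(algorithm, data).hexdigest()

def expected_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth; ha1 is MD5(username:realm:password)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(stored, client_response, request):
    """A server holding only `stored` has to use it as HA1 to check the response."""
    return hmac.compare_digest(expected_response(stored, **request), client_response)

# Request values from the worked example in RFC 2617, section 3.5.
RFC_REQUEST = dict(method="GET", uri="/dir/index.html",
                   nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                   nc="00000001", cnonce="0a4f113b")

def rfc_vector_response():
    ha1 = stored_credential("Mufasa", "testrealm@host.com", "Circle Of Life", "md5")
    return expected_response(ha1, **RFC_REQUEST)

def page_scenario(user="alice", password="s3cret", realm="JDBCRealm"):
    """user/password are constructed; realm is the <realm-name> from the quoted web.xml."""
    # The browser knows the password and builds HA1 with MD5 (the RFC 2617 default).
    client = expected_response(stored_credential(user, realm, password, "md5"), **RFC_REQUEST)
    md5_stored = stored_credential(user, realm, password, "md5")
    # digest="SHA" names SHA-1 in Java's MessageDigest.
    sha_stored = stored_credential(user, realm, password, "sha1")
    return (server_accepts(md5_stored, client, RFC_REQUEST),
            server_accepts(sha_stored, client, RFC_REQUEST))

if __name__ == "__main__":
    print("RFC 2617 vector:", rfc_vector_response())
    print("accepted with MD5 / SHA stored credential:", page_scenario())
```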