tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucas Galfaso" <lgalf...@gmail.com>
Subject Re: [tomcat]How to decrypt the DIGEST authentication?
Date Tue, 30 Oct 2007 07:13:01 GMT
Hi,

  Digest authentication involves multiple MD5s including the username,
password, url, realm, random data... Believe me when I tell you that
there is no way that you will get the password from the digest (in
fact, it was designed this way so this is not feasible.)

  For your original question, you may want to check this
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

Regards,
  lg

On Oct 30, 2007 1:50 AM, zhongliang zhang <zhangzhongl@msn.com> wrote:
> Hi,everyone,
> I got a problem with the DIGEST authentication.
> I configured my web.xml as followed:
> <security-constraint>
>                 <web-resource-collection>
>                               <web-resource-name>app</web-resource-name>
>                               <url-pattern>/*</url-pattern>
>                 </web-resource-collection>
>                 <auth-constraint>
>                               <role-name>poweruser</role-name>
>                 </auth-constraint>
>  </security-constraint>
>  <login-config>
>                 <auth-method>DIGEST</auth-method>
>                 <realm-name>app</realm-name>
>              </login-config>
> So,if anybody try to access my app,he needs to input his username and password,while
the username and password are stored in the Oracle database,not configured in the tomcat-users.xml
file which located at $tomcat_home/conf/ directory. I can not configure it in the tomcat-users.xml
for the app has an function of make a new user.
>
> Is there anyway to solve this problem?
>
> P.S. I tried to solve it by coding in my program,like adding the following code to set
the response's status to ask for DIGEST authentication.
> ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> But I do not get a way to decryt the DIGEST information.
>
> Any advice will be appreciated!
> thanks.
> _________________________________________________________________
> News, entertainment and everything you care about at Live.com. Get it now!
> http://www.live.com/getstarted.aspx

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message