tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <>
Subject Re: [tomcat]How to decrypt the DIGEST authentication?
Date Fri, 02 Nov 2007 11:49:04 GMT

Now Tomcat is also a cool pojo application server

Zhong, havnt been following this, so shoot my wife if this is stupid...

I dont think you can do what you want to...
I dont think you can use web based DIGEST authentication.
And then hide passwords in a MD5 digest as well.

I think web based DIGEST authentication, MUST get at the plain text 
If you change that to BASIC, THEN you can MD5 the plain text password.

DIGEST on the web is better though....

This is not a Tomcat problem, its just the way DIGEST works....
The browser taks the PASSWORD + Some Random stuff and gets a HASH from that.

That process has to be repeated on the server, and SHA(Password) + plus some 
random stuff NOT EQUAL to browser...
I think it has to be a plain text password... unless TC does something 

Have to choose.... its just the way web security works ;(

----- Original Message ----- 
From: "zhongliang zhang" <>
To: "Tomcat Users List" <>
Sent: Friday, November 02, 2007 3:14 AM
Subject: RE: [tomcat]How to decrypt the DIGEST authentication?

I have to turn to you again.
I encounter the problem with configuring the Digested-Password in the 
The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as 
<Realm  className="org.apache.catalina.realm.JDBCRealm" 
connectionURL="jdbc:mysql://localhost/test"           connectionName="root" 
connectionPassword="root"           userTable="users" 
userNameCol="user_name" userCredCol="user_pass" 
userRoleTable="user_roles" roleNameCol="role_name" />
and in the $TOMCAT_HOME/conf/web.xml,I did the following 
<security-constraint> <web-resource-collection> 
<web-resource-name>all</web-resource-name>  <url-pattern>/*</url-pattern>

</web-resource-collection> <auth-constraint> 
it works with mysql database which is just for testing.Now in my database 
table users,I insert a record:
and in the database table,I insert a record:
So,it works before I added the digest attribute to the <Realm> element with 
value "SHA" or "MD5".
After I added the digest attribute,I copied the tomcat-juli.jar from 
$TOMCAT_HOME/bin to $TOMCAT_HOME/lib,then start up,
after I entered the username zhangzhongl and clear-text password(Now,in the 
database,I stored the password with SHA encrypted form),it does now 
work,which means I can not enter the tomcat welcome page.

I do not know what the reason is.
Please do me a favor.
thanks so much!> >> > 
 > ---------------------------------------------------------------------> To 
start a new topic, e-mail:> To unsubscribe, e-mail:> For additional commands, e-mail:>
Connect to the next generation of MSN Messenger

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message