Re: Can we get Digest Authentication with TOMCAT 7

2021-01-14 Thread Christopher Schultz
March 2021. Currently we are using the BASIC Authentication for the Manager and tomcat web application. Can we migrate and use DIGEST Authentication for the same ? Yes. What are the suggested and recommended way to implement and using DIGEST Authentication with TOMCAT 7 web applications? Simply

Re: Can we get Digest Authentication with TOMCAT 7

2021-01-13 Thread Mark Thomas
using the BASIC Authentication for the Manager and tomcat > web application. > Can we migrate and use DIGEST Authentication for the same ? Yes. > What are the > suggested and recommended way to implement and using DIGEST Authentication > with TOMCAT 7 web applications? Simply replac

Can we get Digest Authentication with TOMCAT 7

2021-01-13 Thread Ravi Kumar
Hi Tomcat Team, I am using a Tomcat based webserver container for our web application. All the deployment and other task taken care using TOMCAT 7.10.105. Currently we are using the BASIC Authentication for the Manager and tomcat web application. Can we migrate and use DIGEST Authentication for

Re: Tomcat JDBCRealm using DIGEST authentication not producing the expected HASH using a SALT

2020-07-02 Thread Hugh Roberts
n form in the browser. The password hash is not matching. We > > cannot tell how the form is using the SALT to hash the password to see > > where the issue is. > > > > Can you tell us exactly how Tomcat authentication form uses the SALT > > configured in the web.xml

Re: Tomcat JDBCRealm using DIGEST authentication not producing the expected HASH using a SALT

2020-07-02 Thread Mark Thomas
and password as one string or uses another method? That will never work with HTTP DIGEST authentication. As per the Realm HowTo: CATALINA_HOME/bin/digest.[bat|sh] -a {algorithm} {cleartext-password} ... If using digested passwords with DIGEST authentication, the cleartext used to generate the digest is

Tomcat JDBCRealm using DIGEST authentication not producing the expected HASH using a SALT

2020-07-02 Thread Hugh Roberts
Tomcat 9.0.36 JDK 1.8.0_251 We are trying to use Tomcat JDBCRealm to access user credentials stored in Oracle DB. The user password is hashed with a SALT and stored in a table. *ISSUE:* We can authenticate using the BASIC auth-method while passing the hashed string of the password but the DIGEST

AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-17 Thread Sascha Skorupa
DigestAuthenticator class in tomcat6 to split digest authentication header like it is done in tomcat7, because this is the real cause of the problem - the regular expression submitted to the split method cannot properly handle unquoted parameters at the end of the auth header line. Thank you for your

Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-17 Thread Christopher Schultz
Rainer, On 3/17/15 11:12 AM, Rainer Jung wrote: > On 17.03.2015 at 15:40, Sascha Skorupa wrote: >> Hi Rainer, >> >> currently not (Apache 2.2) but it might be an option to upgrade >> the OS and the Apache if it leads to a solution. > > OK. But th

Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-17 Thread Rainer Jung
On 17.03.2015 at 15:40, Sascha Skorupa wrote: Hi Rainer, currently not (Apache 2.2) but it might be an option to upgrade the OS and the Apache if it leads to a solution. OK. But think twice, whether it is better to just compile mod_jk from sources or do the big update. Updating to 2.4 will

AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-17 Thread Sascha Skorupa
: Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem Hi Sascha, On 17.03.2015 at 13:02, Sascha Skorupa wrote: > Rainer, thank you for this hint, but unfortunately, this feature is too new > to be included in any current mod_jk linux package and building i

Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-17 Thread Rainer Jung
[mailto:ch...@christopherschultz.net] Sent: Friday, 13 March 2015 19:24 To: Tomcat Users List Subject: Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem Rainer, On 3/13/15 12:15 PM, Rainer Jung wrote: Am

AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-17 Thread Sascha Skorupa
, Mark Thomas wrote: >>> On 12/03/2015 15:20, Sascha Skorupa wrote: >>>> Hi, >>>> >>>> here: >>>> >>>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and- >>>> digest-authentication >>>>

Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-13 Thread Christopher Schultz
: >>> On 12/03/2015 15:20, Sascha Skorupa wrote: >>>> Hi, >>>> >>>> here: >>>> >>>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication >>>> >>>> >>>> >>>

Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-13 Thread Rainer Jung
On 13.03.2015 at 16:28, Christopher Schultz wrote: Mark, On 3/12/15 1:13 PM, Mark Thomas wrote: On 12/03/2015 15:20, Sascha Skorupa wrote: Hi, here: http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication

Re: AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-13 Thread Christopher Schultz
Mark, On 3/12/15 1:13 PM, Mark Thomas wrote: > On 12/03/2015 15:20, Sascha Skorupa wrote: >> Hi, >> >> here: >> >> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication >>

Re: AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-12 Thread Aurélien Terrestris
> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication >> >> the same problem is described and the recommended solution is to use sticky >> load balancing. But, the problem in a tomcat cluster is that the session ID >> is generated a

Re: AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-12 Thread Mark Thomas
On 12/03/2015 15:20, Sascha Skorupa wrote: > Hi, > > here: > > http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication > > the same problem is described and the recommended solution is to use sticky > load balancing. But, the problem in

AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-12 Thread Sascha Skorupa
Hi, here: http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication the same problem is described and the recommended solution is to use sticky load balancing. But, the problem in a tomcat cluster is that the session ID is generated after a successful

Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

2015-03-04 Thread Sascha Skorupa
both HTTP requests resulting from the digest authentication are sent to the same tomcat instance. In Tomcat 6 it was no problem because nonces were not cached or rather unknown nonces did not force a re-authentication like it is done in the DigestAuthenticator of Tomcat 7: if

Re: multiple servers and digest authentication

2013-12-02 Thread Christopher Schultz
ion has both steps going to the same server >> (can use F5's cookie for stickiness) >> >> 2. Subsequent authenticated requests go to that same server (can >> use Tomcat's cookie for stickiness) >> >> 3. All stickiness expires when the user's authenticated

Re: multiple servers and digest authentication

2013-12-02 Thread Dehaudt, Christophe
hat you want is the following: > >1. 2-step authentication has both steps going to the same server (can >use F5's cookie for stickiness) > >2. Subsequent authenticated requests go to that same server (can use >Tomcat's cookie for stickiness) > >3. All stickiness ex

RE: multiple servers and digest authentication

2013-12-01 Thread Martin Gainty
> From: cdeha...@ebay.com > To: users@tomcat.apache.org > CC: cdeha...@ebay.com > Subject: Re: multiple servers and digest authentication > Date: Sat, 30 Nov 2013 01:55:32 + > > Hi, > > Thanks for your answers: > > 1/ Sticky session : yes, that is the

Re: multiple servers and digest authentication

2013-12-01 Thread Christopher Schultz
F5's cookie for stickiness) 2. Subsequent authenticated requests go to that same server (can use Tomcat's cookie for stickiness) 3. All stickiness expires when the user's authenticated session expires. Since HTTP-DIGEST authentication does not have a standard way to de-authentic

Re: multiple servers and digest authentication

2013-11-29 Thread Dehaudt, Christophe
Hi, Thanks for your answers: 1/ Sticky session : yes, that is the way I have currently set my load balancer. But there is a drawback when the client is continuously using the service => because it will never be load balanced again. The worst is when one of the server is stopped and restarted =

Re: multiple servers and digest authentication

2013-11-27 Thread Christopher Schultz
André, On 11/27/13, 5:15 AM, André Warnier wrote: > Mark Thomas wrote: >> On 27/11/2013 07:34, Dehaudt, Christophe wrote: >>> Is there a way to share the nonce between servers so they can >>> act as one? >> >> No. You'd need to customise the Digest

Re: multiple servers and digest authentication

2013-11-27 Thread André Warnier
Mark Thomas wrote: On 27/11/2013 07:34, Dehaudt, Christophe wrote: Is there a way to share the nonce between servers so they can act as one? No. You'd need to customise the DigestAuthenticator to do that. I would like to get your advices , how to make a multiple server deployment running wi

Re: multiple servers and digest authentication

2013-11-27 Thread Mark Thomas
On 27/11/2013 07:34, Dehaudt, Christophe wrote: > Is there a way to share the nonce between servers so they can act as one? No. You'd need to customise the DigestAuthenticator to do that. > I would like to get your advices , how to make a multiple server deployment > running with Http digest. U

multiple servers and digest authentication

2013-11-26 Thread Dehaudt, Christophe
that the digest authentication looks to work fine for one single server , but for with multiple. Indeed, when a specific server of the pool is receiving the request and returns 401 + the nonce, this same server must receive the second request (with the authentication) to get a success. If an

Re: Intermittent Digest Authentication User Lockout

2013-11-18 Thread Bruce Weertman
prevent this from happening. Thanks, -Bruce On Nov 18, 2013, at 10:29 AM, Bruce Weertman wrote: > I am running into an intermittent problem with Digest-Authentication. This is > with tomcat 7.0.39 > > The issue appears to be that clients will occasionally get locked out for 5 >

Intermittent Digest Authentication User Lockout

2013-11-18 Thread Bruce Weertman
I am running into an intermittent problem with Digest-Authentication. This is with tomcat 7.0.39 The issue appears to be that clients will occasionally get locked out for 5 minutes. The problem appears to happen when there is a combination of good password and then bad password, or the other

HTTP Digest authentication in Tomcat server farms

2013-05-15 Thread Andrew Kulemet
Hi, Now that digest authentication is fixed (Tomcat 6.0.36), how do we ensure that clients' authentication requests are routed to correct Tomcats in load balanced deployments? Otherwise, clients can get stuck in re-authentication loops (until they happen to be routed to the same Tomcat

[SECURITY] CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses

2012-11-05 Thread Mark Thomas
CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.29 - Tomcat 6.0.0 to 6.0.35 - Tomcat 5.5.0 to 5.5.35 - Earlier, unsupported

Re: Tomcat 6.0 Custom Realm with Digest Authentication

2011-10-03 Thread Christopher Schultz
Sailendra, On 10/2/2011 3:44 PM, sailendra karthik wrote: > I am able to develop a custom realm with basic type Great. > But when I change this to DIGEST it is not digesting the password. I think maybe you are misunderstanding how

Tomcat 6.0 Custom Realm with Digest Authentication

2011-10-02 Thread sailendra karthik
Hi, I am able to develop a custom realm with basic type But when I change this to DIGEST it is not digesting the password. Please provide Any example or some detailed steps.

[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

2011-09-26 Thread Mark Thomas
CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.11 - Tomcat 6.0.0 to 6.0.32 - Tomcat 5.5.0 to 5.5.33

Re: Digest Authentication

2010-02-11 Thread Pid
I am using Tomcat 6.0. I try to implement digest authentication. That is what I do: 1. Deploy a auth.war file to Tomcat, whose web.xml has this setting: Auth.html Web Reso

RE: Digest Authentication

2010-02-11 Thread Stanley Wong
List Subject: RE: Digest Authentication Thank you. I make some progress, but still need some helps. That is what I did: 1. replace the hashing algorithm from SHA to MD5. 2. remove the line from The new section of web.xml looks as follows: DIGEST

RE: Digest Authentication

2010-02-11 Thread Stanley Wong
on in . For example: DIGEST MD5 stanley_realm I, hereafter, generate the hashing message with digest.bat: digest -a md5 stan4:stanley_realm:stan4 The digest authentication no longer works. Would you give me

Re: Digest Authentication

2010-02-11 Thread Konstantin Kolinko
2010/2/11 Caldarale, Charles R : > This is closer, but the doc says to include the realm name, not the word > "Realm" in the calculation.  The realm name appears to be the server name and > port, but I haven't verified that. > The realm name is usually provided as Realm in element in web.xml.

Re: Digest Authentication

2010-02-11 Thread Konstantin Kolinko
2010/2/11 Stanley Wong : > I am using Tomcat 6.0. I try to implement digest authentication. > You are confusing DIGEST authentication (i.e., transmitting a hash of password over network) with validating plain passwords using digest (i.e, not storing a plain text password). The value u

RE: Digest Authentication

2010-02-11 Thread Caldarale, Charles R
> From: Stanley Wong [mailto:w...@pcigeomatics.com] > Subject: Digest Authentication > > digest -a sha stan1 The Tomcat doc makes no mention of using the stand digest tool, but instead org.apache.catalina.realm.RealmBase. I have no idea if or how they differ in their calculation

Digest Authentication

2010-02-11 Thread Stanley Wong
I am using Tomcat 6.0. I try to implement digest authentication. That is what I do: 1. Deploy a auth.war file to Tomcat, whose web.xml has this setting: Auth.html Web Resource

Re: Logout mechanism on Digest Authentication

2010-01-19 Thread Christopher Schultz
André, On 1/19/2010 6:32 AM, André Warnier wrote: > vpapado wrote: >> Hello, >> >> I have a problem in logout mechanism for my web app. For logging in I use >> Digest Authentication. Here is how things go: >> > ..

Re: Logout mechanism on Digest Authentication

2010-01-19 Thread vpapado
Thank you. awarnier wrote: > > vpapado wrote: >> Hello, >> >> I have a problem in logout mechanism for my web app. For logging in I use >> Digest Authentication. Here is how things go: >> > ... >> >> Is there a problem in logout mecha

Re: Logout mechanism on Digest Authentication

2010-01-19 Thread André Warnier
vpapado wrote: Hello, I have a problem in logout mechanism for my web app. For logging in I use Digest Authentication. Here is how things go: ... Is there a problem in logout mechanism for Digest Authentication? Is logout not supported for digest authentication? How could I manage to

Logout mechanism on Digest Authentication

2010-01-19 Thread vpapado
Hello, I have a problem in logout mechanism for my web app. For logging in I use Digest Authentication. Here is how things go: 1. On the same web app I first used Form Authentication and on each jsp page I created I used, on logout, below code: session.invalidate(); response.sendRedirect

Re: Tomcat 6.0.14 Supports HTTP DIGEST Authentication.

2007-12-04 Thread Christopher Schultz
Mark, Mark Thomas wrote: > Christopher Schultz wrote: >> See above. > > Like it ;) Points for style? Always worth it. -chris

Re: Tomcat 6.0.14 Supports HTTP DIGEST Authentication.

2007-12-04 Thread Mark Thomas
Christopher Schultz wrote: > See above. Like it ;) Mark

Re: Tomcat 6.0.14 Supports HTTP DIGEST Authentication.

2007-12-04 Thread Christopher Schultz
See above. 罗时飞 wrote: > See above. > > Thx.

Tomcat 6.0.14 Supports HTTP DIGEST Authentication?

2007-12-04 Thread 罗时飞
See above. Thx.

RE: [Realm]Error page of Digest authentication?

2007-11-14 Thread zhongliang zhang
First of all, thanks for your replying. I have try that way, and actually, I always configure customized error page when I developed web application. But it seems that the digest authentication was done by tomcat, which means it has not entered my application yet. so, the customized error page is

Re: [Realm]Error page of Digest authentication?

2007-11-14 Thread Lionel Crine
Hi, I may be wrong but did you checked there ? http://tomcat.apache.org/faq/misc.html#error Lionel zhongliang zhang wrote: Hi, I am using Tomcat JDBCRealm to authenticate the use that stored in the database(Oracle).While when I input the user name and password to log in my application,if I

[Realm]Error page of Digest authentication?

2007-11-13 Thread zhongliang zhang
Hi, I am using Tomcat JDBCRealm to authenticate the use that stored in the database(Oracle).While when I input the user name and password to log in my application,if I input the wrong username and password for 3 times,then the page redirect to the tomcat-specific error page. I want to know whet

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Johnny Kewl
Just a note... The way you are doing it, makes

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Johnny Kewl
: "zhongliang zhang" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, November 05, 2007 8:16 AM Subject: RE: [tomcat]How to decrypt the DIGEST authentication? thanks for your replying. Now It works if I specify the alg with "MD5",but still does not work with "

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread zhongliang zhang
thanks for your replying. Now It works if I specify the alg with "MD5",but still does not work with "SHA". and I do not know what does the middle field of "zhangzhongl:JDBCRealm:secret" means,that is,the "JDBCRealm",is it a unchangeable part?I do not think so,for the Tomcat docs give an example

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Johnny Kewl
: "zhongliang zhang" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, November 05, 2007 5:28 AM Subject: RE: [tomcat]How to decrypt the DIGEST authentication? Hi, It still does not work. Here is the trace: I create the SHA1 password from the comma

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Johnny Kewl
"Mark Thomas" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Sunday, November 04, 2007 8:24 PM Subject: Re: [tomcat]How to decrypt the DIGEST authentication? Mark Thomas wrote: Johnny Kewl wrote: I don't think you can do what you want to... I don't think you can use web b

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread zhongliang zhang
Hi, It still does not work. Here is the trace: I create the SHA1 password from the command prompt: C:\tomcat>java org.apache.catalina.realm.RealmBase -a SHA1 zhangzhongl:JDBCRealm :secret zhangzhongl:JDBCRealm:secret:0743d07d727aae8864569cbcefb9ae788150e8b9 C:\tomcat>java org.apache.catalina.

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread zhongliang zhang
thanks very much for all your replying. But I can not make it works. I store the password in HexUtils.convert(byte[]) method to store the password in my Oracle database. And I configure the Tomcat JDBCRealm with the "digest" attribute. And I do a test with MySQL database,for it is small and e

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Mark Thomas
zhongliang zhang wrote: > Hi,Mark, > I have to turn to you again. > I encounter the problem with configuring the Digested-Password in the > JDBCRealm. > The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as > followed: > driverName="com.mysql.jdbc.Driver" > connection

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Mark Thomas
Mark Thomas wrote: > Johnny Kewl wrote: >> I don't think you can do what you want to... >> I don't think you can use web based DIGEST authentication. >> And then hide passwords in a MD5 digest as well. > > Yes you can. > >> I think web based DIGEST authen

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-04 Thread Mark Thomas
Johnny Kewl wrote: > I don't think you can do what you want to... > I don't think you can use web based DIGEST authentication. > And then hide passwords in a MD5 digest as well. Yes you can. > I think web based DIGEST authentication, MUST get at the plain text > password. No. >

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-02 Thread Johnny Kewl
wife if this is stupid... I don't think you can do what you want to... I don't think you can use web based DIGEST authentication. And then hide passwords in a MD5 digest as well. I think web based DIGEST authentication, MUST get at the plain text password. If you change that to BASIC, THEN you

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-11-01 Thread zhongliang zhang
Hi,Mark, I have to turn to you again. I encounter the problem with configuring the Digested-Password in the JDBCRealm. The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as followed: and in the $TOMCAT_HOME/conf/web.xml,I did the following security-constraint: all /* cust

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-11-01 Thread zhongliang zhang
Thank you very much for all your reply. I think because of the time-zone between us,while I am in China,we do not have the same online time. so I replied late. I will try that way to specify the element. thanks a lot. I do not know whether that feature works well with Tomcat 5.5,if so,I can use

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-11-01 Thread Mark Thomas
zhongliang zhang wrote: > Thanks a lot.I think I got another way to solve the group hierarchical > problem,but I am not sure about it. maybe you can help me to confirm it:I > wrote the SQL as followed:create or replace view groupview asselect > usertable.username, > decode(usert

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-10-31 Thread zhongliang zhang
thanks in advance! > Date: Wed, 31 Oct 2007 10:51:42 +> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST > authentication?> > zhongliang zhang wrote:> >> But the application allows > creating new group,how

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-31 Thread Mark Thomas
zhongliang zhang wrote: >> But the application allows creating new group,how do I solve this problem?> >> > What problem? You need to say what the problem is if we are going to be> >> able to help. web.xml doesn't support the dynamic addition of new groups. Further, the Realm doesn't understand

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread zhongliang zhang
> But the application allows creating new group,how do I solve this problem?> > > What problem? You need to say what the problem is if we are going to be> able > to help. Only the member of group "administrators" have access to the administrative page,and other groups,like "groupA","groupB",... t

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Christopher Schultz
Mark, Mark Thomas wrote: > The special role * means all roles defined in your application, > not all authenticated users. You'll have to create an all users group, > assign it to every user and then use that in your web.xml I think it is more precise

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Mark Thomas
m and a filter to do this, now,I > think I do not need an login form, It isn't clear to what form situation you are referring. If you use DIGEST authentication you do not need a login form. does the filter still can work for the role-check? Or is there any mechanism just needs configur

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread zhongliang zhang
ation,not coding? thanks a lot for your patience! > Date: Wed, 31 Oct 2007 01:47:27 +> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST > authentication?> > zhongliang zhang wrote:> > In the database(Oracle)

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Mark Thomas
zhongliang zhang wrote: > In the database(Oracle),the tables I used are usertable and grouptable,the > association table of them is groupmembertable: > usertable has columns of userid,username and password > grouptable has columns of groupid,groupname > groupmembertable has columns of groupid,user

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread zhongliang zhang
following element:admin set to *? thanks in advance for your kindness! > Date: Wed, 31 Oct 2007 01:01:04 +> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST > authentication?> > zhongliang zhang wrote:> >

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Mark Thomas
zhongliang zhang wrote: > Thanks a lot for everyone's reply. > I use the JDBCRealm and I store the users information and roles information > in the database,such as Oracle. > then in my application set the security part in the web.xml,which has an > auth-method with DIGEST. > So,the username and

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread zhongliang zhang
n the remote client with an browser will be digested,and sent to the server side. Is that right? > Date: Tue, 30 Oct 2007 18:33:08 -0400> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST > authentication?> >

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Christopher Schultz
alms and stuff like that. You are talking about using a crypto digest of passwords in a database. HTTP DIGEST is different from that: http://en.wikipedia.org/wiki/Digest_access_authentication Unfortunately, when using DIGEST authentication, the server either needs to store the cleartext password or be

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Roger Parkinson
realm.RealmBase| class, passing the cleartext password and the digest algorithm name as arguments. This method will return the digested password." Roger zhongliang zhang wrote: > Hi,everyone, > I got a problem with the DIGEST authentication. > I conf

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread Mark Thomas
zhongliang zhang wrote: > I checked the url that you supplied to me and especially the JDBCRealm > part,for I have stored the username and password in a relational database. > So,what I need to do is: > 1.build the users table and the roles table. > 2.configure the org.apache.catalina.realm.JDBCRe

RE: [tomcat]How to decrypt the DIGEST authentication?

2007-10-30 Thread zhongliang zhang
advance! > Date: Tue, 30 Oct 2007 04:13:01 -0300> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST > authentication?> > Hi,> > Digest authentication involves multiple MD5s > including the username,> password, u

Re: [tomcat]How to decrypt the DIGEST authentication?

2007-10-29 Thread Lucas Galfaso
Hi, Digest authentication involves multiple MD5s including the username, password, url, realm, random data... Believe me when I tell you that there is no way that you will get the password from the digest (in fact, it was designed this way so this is not feasible.) For your original question

[tomcat]How to decrypt the DIGEST authentication?

2007-10-29 Thread zhongliang zhang
Hi,everyone, I got a problem with the DIGEST authentication. I configured my web.xml as followed: app /* poweruser

Re: BASIC authentication to DIGEST authentication

2006-06-14 Thread Mark Thomas
jamurph wrote: > From your response, it looks like JNDI, JDBC, digested passwords with digest > authentication, are not supported until Tomcat version 5.5.5? It would > explain why DIGEST with JNDI / JDBC doesn't work if running tomcat 5.0.28. > I'm looking in the rel

Re: BASIC authentication to DIGEST authentication

2006-06-14 Thread jamurph
e password is stored as clear text. From your response, it looks like JNDI, JDBC, digested passwords with digest authentication, are not supported until Tomcat version 5.5.5? It would explain why DIGEST with JNDI / JDBC doesn't work if running tomcat 5.0.28. I'm looking in the rele

JAAS DIGEST authentication Tomcat5.5.17

2006-05-04 Thread Frederic . Visticot
I have Tomcat working with FORM and BASIC authentication. All is OK for this 2 modes. When I try with DIGEST and insert digest="MD5" in the JAAS realm I have the error copied in attach. IS Digest supported with JAAS in this Tomcat version ??? What can I do ? Is it a bug ? or a configuration pb ?

Re: JAAS DIGEST authentication Tomcat5.5.17

2006-05-01 Thread Frederic . Visticot
Mark, I think the pb is not due to DIGEST password format. My JAAS LoginModule who is working with FORM and BASIC authentication is not called during DIGEST authentication. I have inserted some traces in the authenticate, initialize and login methods of my LoginModule...and no traces are

Re: JAAS DIGEST authentication Tomcat5.5.17

2006-05-01 Thread Mark Thomas
[EMAIL PROTECTED] wrote: > I have Tomcat working with FORM and BASIC authentication. All is OK for > this 2 modes. > When I try with DIGEST and insert digest="MD5" in the JAAS realm I have > the error copied in attach. With DIGEST auth and digest="MD5" you need to make sure the passwords are dig

JAAS DIGEST authentication Tomcat5.5.17

2006-05-01 Thread Frederic . Visticot
I have Tomcat working with FORM and BASIC authentication. All is OK for this 2 modes. When I try with DIGEST and insert digest="MD5" in the JAAS realm I have the error copied in attach. IS Digest supported with JAAS in this Tomcat version ??? What can I do ? Is it a bug ? 1 mai 2006 23:36:52 or

RE: BASIC authentication to DIGEST authentication

2006-03-08 Thread Jay Burgess
[mailto:[EMAIL PROTECTED] Sent: Wednesday, March 08, 2006 4:38 PM To: Tomcat Users List Subject: Re: BASIC authentication to DIGEST authentication Jay Burgess wrote: > Given that I've got BASIC authentication working for my webapp using cleartext > passwords, shouldn't I simply be

Re: BASIC authentication to DIGEST authentication

2006-03-08 Thread Mark Thomas
Jay Burgess wrote: > Given that I've got BASIC authentication working for my webapp using cleartext > passwords, shouldn't I simply be able to change my from "BASIC" > to > "DIGEST" in and it should start working using digest > authentication? >

BASIC authentication to DIGEST authentication

2006-03-08 Thread Jay Burgess
Given that I've got BASIC authentication working for my webapp using cleartext passwords, shouldn't I simply be able to change my from "BASIC" to "DIGEST" in and it should start working using digest authentication? It's not, obviously, but I've se