Re: No WWW-Authenticate header sent when error-page 401 is configured

2010-03-30 Thread Konstantin Kolinko
2010/3/30 Nick Wiedenbrück : > I got it working on Tomcat 6 and Jetty, but I've got a problem with Tomcat > 5.5.23, It will not work with 5.5.23, because it is some issue that was fixed in a later version. (Headers were cleared when rendering a custom page). Search the bugzilla or look in the cha

No WWW-Authenticate header sent when error-page 401 is configured

2010-03-30 Thread Nick Wiedenbrück
Hi, I'm trying to get digest authentication working on Tomcat 5.5.23. I got it working on Tomcat 6 and Jetty, but I've got a problem with Tomcat 5.5.23, because no WWW-Authenticate header is sent there. I figured out that it will work if I remove error-page 401 configuration from

Re: Www-authenticate ...

2009-12-24 Thread André Warnier
Mark Thomas wrote: On 24/12/2009 02:18, Christopher Schultz wrote: On 12/23/2009 2:13 PM, Mark Thomas wrote: digest is (almost) completely orthogonal to DIGEST authentication. digest controls whether or not the password stored on the server is held in plain text or in digest form. It is (almost

Re: Www-authenticate ...

2009-12-24 Thread Mark Thomas
On 24/12/2009 02:18, Christopher Schultz wrote: > On 12/23/2009 2:13 PM, Mark Thomas wrote: >> digest is (almost) completely orthogonal to DIGEST authentication. > >> digest controls whether or not the password stored on the server is held >> in plain text or in digest form. It is (almost) indepen

Re: Www-authenticate ...

2009-12-23 Thread Christopher Schultz
Mark, On 12/23/2009 2:13 PM, Mark Thomas wrote: > On 23/12/2009 16:49, Christopher Schultz wrote: >> The servlet specification actually makes DIGEST authentication optional >> for spec-compliant containers, which is interesting. There is also no >> (s

Re: Www-authenticate ...

2009-12-23 Thread Mark Thomas
On 23/12/2009 16:49, Christopher Schultz wrote: > The servlet specification actually makes DIGEST authentication optional > for spec-compliant containers, which is interesting. There is also no > (standard) way to configure the algorithm for DIGEST authentication. > Tomcat allows you to do it using

Re: Www-authenticate ...

2009-12-23 Thread Christopher Schultz
On 12/21/2009 7:34 AM, André Warnier wrote: > insi wrote: >> Hi, >> >> My tomcat server is sending www-authenticate (digest) header but the >> header >> doesn't contain the algorithm field, which one is chosen

Re: Www-authenticate ...

2009-12-21 Thread André Warnier
insi wrote: Hi, My tomcat server is sending www-authenticate (digest) header but the header doesn't contain the algorithm field, which one is chosen by default? MD5 How do I specify it to use particular algorithm (sha1/md5)? In short, you can't. See HTTP 2616 and 2617. Theoreti

Www-authenticate ...

2009-12-21 Thread insi
Hi, My tomcat server is sending www-authenticate (digest) header but the header doesn't contain the algorithm field, which one is chosen by default? How do I specify it to use particular algorithm (sha1/md5)?

Re: how to tell Tomcat to send a blank "WWW-Authenticate" header?

2007-01-21 Thread Christopher Schultz
Mitch, Fisher, Mitchell L wrote: >> Christopher Schultz wrote: >>> When you want to log someone out of BASIC authentication, you >>> have to send a blank "WWW-Authenticate" header to the client, >>> ju

Re: how to tell Tomcat to send a blank "WWW-Authenticate" header?

2007-01-21 Thread Martin Gainty
inal Message - From: "Fisher, Mitchell L" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Sunday, January 21, 2007 1:31 PM Subject: RE: how to tell Tomcat to send a blank "WWW-Authenticate" header? > Christopher Schultz wrote: >> Also, you c

RE: how to tell Tomcat to send a blank "WWW-Authenticate" header?

2007-01-21 Thread Fisher, Mitchell L
out of BASIC authentication, you have to send a blank >> "WWW-Authenticate" header to the client, just the same way that Tomcat >> would do if you weren't already authenticated. Could you expand on this? RFC2616 (HTTP/1.1) (http://www.w3.org/Protocols/rfc2616/rfc26

Re: how to tell Tomcat to send a blank "WWW-Authenticate" header?

2007-01-17 Thread Christopher Schultz
er to access the forbidden resource. When you want to log >> someone out of BASIC authentication, you have to send a blank >> "WWW-Authenticate" header to the client, just the same way that Tomcat >> would do if you weren't already authenticated. > > Is there a

how to tell Tomcat to send a blank "WWW-Authenticate" header?

2007-01-17 Thread John Caron
ve to send a blank "WWW-Authenticate" header to the client, just the same way that Tomcat would do if you weren't already authenticated. Is there a way to tell Tomcat to send a blank "WWW-Authenticate" header to the client when authorization fails? I would like to not use FO

Re: Tomcat 5.0 : 401 errors do NOT send back a www-authenticate field :(

2005-12-21 Thread Francis Galiegue
2005/12/19, Francis Galiegue <[EMAIL PROTECTED]>: > Hello, > > As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through > 5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT > send a www-authenticate header back, resulting in a definitive 401 &

[Repost...] Tomcat 5.0 : 401 errors do NOT send back a www-authenticate field :(

2005-12-19 Thread Francis Galiegue
[I don't know why, looks like the original message didn't make it to the list... Sorry if it's a double send] Hello, As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through 5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT send a www-authentic

Tomcat 5.0 : 401 errors do NOT send back a www-authenticate field :(

2005-12-19 Thread Francis Galiegue
Hello, As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through 5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT send a www-authenticate header back, resulting in a definitive 401 error. This violates RFC 2616 (paragraph 14.47). As we suspected Apache first, I