Hello all, I am having difficulty setting up digest authentication on Tomcat. I have tried tomcat 5.5.9 and 5.5.12, and I am having mixed results. I tried setting up the HTTP DIGEST authentication by placing a security constraint on my web.xml file, which works fine. However, my project also has a restraint that I must store digested versions of the password in a mysql database. This also worked perfectly using the JDBC realm and using the digest="MD5" attribute in my realm definiton in the server.xml file. Although, both of these methods work individually, I cannot get it to work in compliance with each other. The mysql digested passwords only work with HTTP BASIC authentication, and the HTTP DIGEST authentication only works with non digested passwords (even though I am properly setting the right flags (in server.xml, and in web.xml). Has anyone else observed this? Any solutions? I tried both the jdbc realm and going the tomcat-users.xml route, and I have had no luck getting it to work. I would sincerely appreciate any input.
Sincerely, Khawaja Shams
