On 13/01/2021 09:36, Ravi Kumar wrote:
> Hi Tomcat Team,
> 
> I am using a Tomcat based webserver container for our web application. All
> the deplyoment and other task taken care using TOMCAT 7.10.105.

Tomcat 7.0.x will reach end of life on 31 March 2021.

> Currently we are using the BASIC Authentication for the Manager and tomcat
> web application.
> Can we migrate and use DIGEST Authentication for the same ?

Yes.

> What are the
> suggested and recommended way to implement and using DIGEST Authentication
> with TOMCAT 7 web applications?

Simply replace "<auth-method>BASIC</auth-method>" in the application's
web.xml file with "<auth-method>DIGEST</auth-method>"

> Your valuable assistance is much appreciated.

If you are storing passwords in digest form note the following:
http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#Digested_Passwords

Generally, you are better off switching from BASIC+http to BASIC+https
rather than DIGEST+http. If you are already using BASIC+https then
switching to DIGEST+https is unlikely to gain you anything.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to