Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:50 schrieben Sie:
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > resourceName="UserDatabase"> > <CredentialHandler > className="org.apache.catalina.realm.SecretKeyCredentialHandler" > algorithm="PBKDF2WithHmacSHA512" > iterations="100000" > keyLength="256" > saltLength="16" > </Realm> That worked right from the start, I had a DIGEST in tomcat-users.xml and was able to login with plain-text password provided to the browser. > <Realm className="org.apache.catalina.realm.LockOutRealm"> > ... > </Realm> Adding that didn't work, I was only able to login with providing the DIGEST of tomcat-users.xml as password to the browser, which actually made it a plain-text password at the server. The following fit as well to what I recognized: https://stackoverflow.com/questions/64733766/how-to-get-tomcat-credentialhandler-inside-java-when-nested-in-lockoutrealm BUT: I gave things an additional try now and especially after the discussion about auth-method BASIC vs. DIGEST and login DOES work now! I most likely not only added LockOutRealm at some point, but switched from BASIC auth to DIGEST as well, because I've read that in the CIS spec I worked with. That combination can't work and at some point I most likely became frustrated and changed DIGEST back to BASIC, while having changed other aspects of the realms already or might have simply forgotten to change passwords vs. digests in tomcat-users.xml or whatever. So, I guess the reason for the warnign about an ignored credential helper in LockOutRealm simply is because it doesn't handle credentials at all? And as LockOutRealm forwards actual login to its children THEIR assigned credential handlers are properly taken into account? So whatever the SO-guy sees, might have a different root cause, as it was the case for me. Thanks for triggering me to try again! Might have been to late already at Monday as well. :-) Mit freundlichen Grüßen Thorsten Schöning -- AM-SoFT IT-Service - Bitstore Hameln GmbH Mitglied der Bitstore Gruppe - Ihr Full-Service-Dienstleister für IT und TK E-Mail: thorsten.schoen...@am-soft.de Web: http://www.AM-SoFT.de/ Tel: +49 5151- 9468- 0 Tel: +49 5151- 9468-55 Mobil: +49 178-8 9468-04 AM-SoFT IT-Service - Bitstore Hameln GmbH, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 221853 - Geschäftsführer: Janine Galonska Für Rückfragen stehe ich Ihnen jederzeit zur Verfügung. Mit freundlichen Grüßen, Thorsten Schöning Telefon: +49 5151 9468-55 Fax: E-Mail: tschoen...@am-soft.de AM-Soft IT-Service - Bitstore Hameln GmbH Brandenburger Straße 7c 31789 Hameln Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen und ist ausschliesslich für den Adressaten bestimmt. Jeglicher Zugriff auf diese E-Mail durch andere Personen als den Adressaten ist untersagt. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Sollten Sie nicht der für diese E-Mail bestimmte Adressat sein, ist Ihnen jede Veröffentlichung, Vervielfältigung oder Weitergabe wie auch das Ergreifen oder Unterlassen von Massnahmen im Vertrauen auf erlangte Information untersagt. This e-mail may contain confidential and/or privileged information and is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Hinweise zum Datenschutz: bitstore.group/datenschutz --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
