Hi, Digest authentication involves multiple MD5s including the username, password, url, realm, random data... Believe me when I tell you that there is no way that you will get the password from the digest (in fact, it was designed this way so this is not feasible.)
For your original question, you may want to check this http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html Regards, lg On Oct 30, 2007 1:50 AM, zhongliang zhang <[EMAIL PROTECTED]> wrote: > Hi,everyone, > I got a problem with the DIGEST authentication. > I configured my web.xml as followed: > <security-constraint> > <web-resource-collection> > <web-resource-name>app</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>poweruser</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>DIGEST</auth-method> > <realm-name>app</realm-name> > </login-config> > So,if anybody try to access my app,he needs to input his username and > password,while the username and password are stored in the Oracle > database,not configured in the tomcat-users.xml file which located at > $tomcat_home/conf/ directory. I can not configure it in the tomcat-users.xml > for the app has an function of make a new user. > > Is there anyway to solve this problem? > > P.S. I tried to solve it by coding in my program,like adding the following > code to set the response's status to ask for DIGEST authentication. > ((HttpServletResponse) > response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); > But I do not get a way to decryt the DIGEST information. > > Any advice will be appreciated! > thanks. > _________________________________________________________________ > News, entertainment and everything you care about at Live.com. Get it now! > http://www.live.com/getstarted.aspx --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
