---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
Now Tomcat is also a cool pojo application server
---------------------------------------------------------------------------
Zhong, havnt been following this, so shoot my wife if this is stupid...
I dont think you can do what you want to...
I dont think you can use web based DIGEST authentication.
And then hide passwords in a MD5 digest as well.
I think web based DIGEST authentication, MUST get at the plain text
password.
If you change that to BASIC, THEN you can MD5 the plain text password.
DIGEST on the web is better though....
This is not a Tomcat problem, its just the way DIGEST works....
The browser taks the PASSWORD + Some Random stuff and gets a HASH from that.
That process has to be repeated on the server, and SHA(Password) + plus some
random stuff NOT EQUAL to browser...
I think it has to be a plain text password... unless TC does something
unbelievable...
Have to choose.... its just the way web security works ;(
----- Original Message -----
From: "zhongliang zhang" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, November 02, 2007 3:14 AM
Subject: RE: [tomcat]How to decrypt the DIGEST authentication?
Hi,Mark,
I have to turn to you again.
I encounter the problem with configuring the Digested-Password in the
JDBCRealm.
The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as
followed:
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost/test" connectionName="root"
connectionPassword="root" userTable="users"
userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
and in the $TOMCAT_HOME/conf/web.xml,I did the following
security-constraint:
<security-constraint> <web-resource-collection>
<web-resource-name>all</web-resource-name> <url-pattern>/*</url-pattern>
</web-resource-collection> <auth-constraint>
<role-name>customized</role-name>
</auth-constraint></security-constraint><login-config>
<auth-method>DIGEST</auth-method>
<realm-name>JDBCRealm</realm-name></login-config>
it works with mysql database which is just for testing.Now in my database
table users,I insert a record:
user_name:zhangzhongl
user_pass:zhangzhongl
and in the database table,I insert a record:
role_name:customized
username:zhangzhongl
So,it works before I added the digest attribute to the <Realm> element with
value "SHA" or "MD5".
After I added the digest attribute,I copied the tomcat-juli.jar from
$TOMCAT_HOME/bin to $TOMCAT_HOME/lib,then start up,
after I entered the username zhangzhongl and clear-text password(Now,in the
database,I stored the password with SHA encrypted form),it does now
work,which means I can not enter the tomcat welcome page.
I do not know what the reason is.
Please do me a favor.
thanks so much!> >
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords> >
Mark>
> ---------------------------------------------------------------------> To
start a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail:
[EMAIL PROTECTED]> For additional commands, e-mail:
[EMAIL PROTECTED]>
_________________________________________________________________
Connect to the next generation of MSN Messenger
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
