Please post a completely new message to the list, rather than just
editing the subject & body out for your message.
An edited reply appears as part of an existing thread, with an unexpected
subject change. This is called thread hijacking.
p
On 11/02/2010 19:13, Stanley Wong wrote:
I am using Tomcat 6.0. I try to implement digest authentication.
That is what I do:
1. Deploy an auth.war file to Tomcat, whose web.xml has this setting:
    <!-- Default page to serve -->
    <welcome-file-list>
        <welcome-file>Auth.html</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Web Resource</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>author</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
        <digest>SHA</digest>
        <realm-name>Realm</realm-name>
    </login-config>
    <security-role>
        <role-name>author</role-name>
    </security-role>
2. UserDatabaseRealm
The Realm in use is UserDatabaseRealm, where usernames and passwords are
stored in tomcat-users.xml:
    <tomcat-users>
        <role rolename="author"/>
        <user username="stan1"
              password="2b43fb8b7a234825d50dd49ce7892d78a59da8f3" roles="author"/>
        <user username="stan2"
              password="389ccb5689c09fb8528d7e5bdc056abe7617f1d2" roles="author"/>
    </tomcat-users>
The password of username is stan1, the digested password is generated
from this command line:
digest -a sha stan1
The password of username is stan2, the digested password is generated
from this command line:
digest -a sha stan2:Realm:stan2
3. server.xml
I add these lines to server.xml
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" digest="SHA"/>
    <!-- Define the default virtual host
         Note: XML Schema validation will not work with Xerces 2.2.
    -->
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" digest="SHA"/>
    </Host>
4. Run the app
I deployed the war to localhost, and accessed the web app
(http://localhost:8079/Auth)
Unfortunately, the digest authentication always fails.
What could be wrong?
Stanley
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
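
Added example (not part of the original thread and not Tomcat's own code): a Python model of the RFC 2617 response calculation, checking which stored-password forms from the setup above let a server reproduce the client's DIGEST response. The nonce, cnonce and URI are constructed values, and using a digested stored value directly as HA1 is an assumption about how the server handles digested storage.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def client_response(user, realm, password, req):
    # The client always derives HA1 = MD5(user:realm:password).
    return digest_response(md5_hex(f"{user}:{realm}:{password}"), **req)

def server_accepts(user, realm, stored, digested, response, req):
    # Assumption: with digested storage the server uses the stored value as HA1
    # (it cannot recover the password); with cleartext it computes HA1 itself.
    ha1 = stored if digested else md5_hex(f"{user}:{realm}:{stored}")
    return hmac.compare_digest(digest_response(ha1, **req), response)

# Constructed request parameters (not captured traffic).
REQ = dict(method="GET", uri="/Auth/", nonce="constructed-nonce",
           nc="00000001", cnonce="constructed-cnonce")
REALM = "Realm"  # realm-name from the web.xml in the post

def check_storage_forms():
    r1 = client_response("stan1", REALM, "stan1", REQ)
    r2 = client_response("stan2", REALM, "stan2", REQ)
    return {
        "cleartext": server_accepts("stan1", REALM, "stan1", False, r1, REQ),
        "sha1(password)": server_accepts(
            "stan1", REALM, sha1_hex("stan1"), True, r1, REQ),
        "sha1(user:realm:password)": server_accepts(
            "stan2", REALM, sha1_hex("stan2:Realm:stan2"), True, r2, REQ),
        "md5(user:realm:password)": server_accepts(
            "stan2", REALM, md5_hex("stan2:Realm:stan2"), True, r2, REQ),
    }

if __name__ == "__main__":
    for form, ok in check_storage_forms().items():
        print(f"{form:28} -> {'accepted' if ok else 'rejected'}")
```
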