Author: fschumacher
Date: Sun Jun 12 11:30:48 2016
New Revision: 1747980
URL: http://svn.apache.org/viewvc?rev=1747980&view=rev
Log:
Mention the usage of CredentialHandlers instead of deprecated digest attribute
in howto.
Modified:
tomcat/trunk/webapps/docs/realm-howto.xml
Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=1747980&r1=1747979&r2=1747980&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Sun Jun 12 11:30:48 2016
@@ -168,13 +168,15 @@ authentication.</p>
<p>When a standard realm authenticates by retrieving the stored
password and comparing it with the value presented by the user, you
-can select digested passwords by specifying the <code>digest</code>
-attribute on your <code><Realm></code> element. The value for
-this attribute must be one of the digest algorithms supported by the
-<code>java.security.MessageDigest</code> class (SHA, MD2, or MD5).
-When you select this option, the contents of the password that is
-stored in the <code>Realm</code> must be the cleartext version of the
-password, as digested by the specified algorithm.</p>
+can select digested passwords by placing a <a
href="config/credentialhandler.html">
+<code>CredentialHandler</code></a> element inside your
<code><Realm></code>
+element. An easy choice to support one of the algorithms SSHA, SHA or MD5
+would be the usage of the <code>MessageDigestCredentialHandler</code>.
+This element must be configured to one of the digest algorithms supported
+by the <code>java.security.MessageDigest</code> class (SSHA, SHA or MD5).
+When you select this option, the contents of the password that is stored
+in the <code>Realm</code> must be the cleartext version of the password,
+as digested by the specified algorithm.</p>
<p>When the <code>authenticate()</code> method of the Realm is called, the
(cleartext) password specified by the user is itself digested by the same
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
