Re: Tomcat 9.0.0-M4 seems not to start digest algorithm on JDBC Realm as did tomcat 8.0.25

2016-04-26 Thread Christopher Schultz

Fabio,

On 4/24/16 11:36 AM, Fabio Ricci wrote:
> appreciate the sunday answer (thank you).
> 
> To say the truth: I did read the documentation and the migration
> guide.
> 
> But since there are no examples in
> http://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html,
> I did not manage to create my own implementation concreteness. That’s
> why I dared to ask the community.

What examples did you want to see? You don't have to write your own
credential handler (code)... just use one of those already present.
There aren't many choices. If you read the page you referenced above
(the CredentialHandler configuration page), you should be able to
build a <CredentialHandler> element that meets your requirements quite
easily.

Were you hoping for a copy-and-paste solution?

If you were thinking of coming to ApacheCon in May, I'll plug my own
presentation which is all about CredentialHandlers -- and, in fact,
migrating away from simple MD5 hashes to much more secure forms of
credential-storage. Here's a reference to the abstract:

http://apachecon2016.sched.org/event/6OIs/seemless-upgrades-for-credential-security-in-apache-tomcat-christopher-schultz-total-child-health?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:0;&sidebar=yes&bg=no

(I don't seem to be able to get anyone to correct the typo in the
title. Hrmph.)

-chris

>> On 24 Apr 2016, at 17:31, Mark Thomas wrote:
>> 
>> On 22/04/2016 23:35, Fabio Ricci wrote:
>>> Dear tomcat Community
>>> 
>>> I am using cross context (which seems to be easy to configure
>>> but in tomcat 8 hard to run) … so today I downloaded tomcat
>>> 9 and I migrated my apps to it. In tomcat 9 cross context is
>>> running smoothly (thank you!)
>>> 
>>> To authenticate my config is using JDBCRealm with a mysql
>>> database. The config below ran very well with tomcat 8 but on
>>> tomcat 9 accepted only the password digests (which are stored
>>> in the table tomcat_users) directly instead of the usual
>>> passwords. It seems that the digest algorithm MD5 be here not
>>> executed.
>> 
>> Given that the digest attribute doesn't exist on the Realm in
>> 9.0.x, that behaviour is as expected.
>> 
>> You should read the migration guide:
>> 
>> http://tomcat.apache.org/migration-9.html#Migrating_from_8.0.x_to_9.0.x/Internal_APIs
>> 
>> If you had read the 8.0.x docs, you wouldn't have been using a
>> deprecated configuration option...
>> 
>> http://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#Common_Attributes
>> 
>> ... you would have been using the replacement configuration option.
>> 
>> http://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html
>> 
>> Mark
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 



Re: Tomcat 9.0.0-M4 seems not to start digest algorithm on JDBC Realm as did tomcat 8.0.25

2016-04-24 Thread Fabio Ricci
appreciate the sunday answer (thank you).

To say the truth: I did read the documentation and the migration guide.
But since there are no examples in 
http://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html, I did 
not manage to create my own implementation concreteness. That’s why I dared to 
ask the community.

Thanks
F.


> On 24 Apr 2016, at 17:31, Mark Thomas wrote:
> 
> On 22/04/2016 23:35, Fabio Ricci wrote:
>> Dear tomcat Community
>> 
>> I am using cross context (which seems to be easy to configure but in
>> tomcat 8 hard to run) … so today I downloaded tomcat 9 and I migrated my
>> apps to it.
>> In tomcat 9 cross context is running smoothly (thank you!)
>> 
>> To authenticate my config is using JDBCRealm with a mysql database. The
>> config below ran very well with tomcat 8 but on tomcat 9 accepted only
>> the password digests (which are stored in the table tomcat_users)
>> directly instead of the usual passwords. It seems that the digest
>> algorithm MD5 be here not executed.
> 
> Given that the digest attribute doesn't exist on the Realm in 9.0.x,
> that behaviour is as expected.
> 
> You should read the migration guide:
> 
> http://tomcat.apache.org/migration-9.html#Migrating_from_8.0.x_to_9.0.x/Internal_APIs
> 
> If you had read the 8.0.x docs, you wouldn't have been using a
> deprecated configuration option...
> 
> http://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#Common_Attributes
> 
> ... you would have been using the replacement configuration option.
> 
> http://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html
> 
> 
> Mark
> 
> 





Re: Tomcat 9.0.0-M4 seems not to start digest algorithm on JDBC Realm as did tomcat 8.0.25

2016-04-24 Thread Mark Thomas
On 22/04/2016 23:35, Fabio Ricci wrote:
> Dear tomcat Community
> 
> I am using cross context (which seems to be easy to configure but in
> tomcat 8 hard to run) … so today I downloaded tomcat 9 and I migrated my
> apps to it.
> In tomcat 9 cross context is running smoothly (thank you!)
> 
> To authenticate my config is using JDBCRealm with a mysql database. The
> config below ran very well with tomcat 8 but on tomcat 9 accepted only
> the password digests (which are stored in the table tomcat_users)
> directly instead of the usual passwords. It seems that the digest
> algorithm MD5 be here not executed.

Given that the digest attribute doesn't exist on the Realm in 9.0.x,
that behaviour is as expected.

You should read the migration guide:

http://tomcat.apache.org/migration-9.html#Migrating_from_8.0.x_to_9.0.x/Internal_APIs

If you had read the 8.0.x docs, you wouldn't have been using a
deprecated configuration option...

http://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#Common_Attributes

... you would have been using the replacement configuration option.

http://tomcat.apache.org/tomcat-8.0-doc/config/credentialhandler.html


Mark
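
The replacement Mark Thomas points to, written out as an added example (not taken from the thread; the server.xml in the original post did not survive on this page): the 8.0.x digest attribute beside the 9.0.x nested CredentialHandler, plus a NestedCredentialHandler variant for the migration away from MD5 that Christopher Schultz mentions. JDBC connection values and column names are placeholders.

```xml
<!-- Added example. Connection values and column names are constructed
     placeholders; only the table name tomcat_users comes from the thread.
     The three Realm elements are alternatives, not one server.xml. -->

<!-- (1) Tomcat 8.0.x: deprecated digest attribute on the Realm.
     The attribute does not exist in 9.0.x, so the digest is not
     applied there, as reported in the thread. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3306/EXAMPLE_DB"
       connectionName="EXAMPLE_USER" connectionPassword="EXAMPLE_PASSWORD"
       userTable="tomcat_users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"
       digest="MD5" />

<!-- (2) Tomcat 8.0.x and 9.0.x: same behaviour via a nested CredentialHandler.
     Existing unsalted MD5 hex digests in the table keep working. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3306/EXAMPLE_DB"
       connectionName="EXAMPLE_USER" connectionPassword="EXAMPLE_PASSWORD"
       userTable="tomcat_users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name">
  <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                     algorithm="MD5" />
</Realm>

<!-- (3) Migration away from MD5: each nested handler is tried when matching,
     so old MD5 rows and re-hashed PBKDF2 rows can coexist during the change. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3306/EXAMPLE_DB"
       connectionName="EXAMPLE_USER" connectionPassword="EXAMPLE_PASSWORD"
       userTable="tomcat_users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name">
  <CredentialHandler className="org.apache.catalina.realm.NestedCredentialHandler">
    <CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
                       algorithm="PBKDF2WithHmacSHA512" iterations="100000"
                       keyLength="256" saltLength="16" />
    <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                       algorithm="MD5" />
  </CredentialHandler>
</Realm>
```

Variant (3) suits the FORM-authenticated application only: for DIGEST authentication Tomcat's Realm documentation requires the stored value to be a single unsalted MD5 of username:realm:password.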




Tomcat 9.0.0-M4 seems not to start digest algorithm on JDBC Realm as did tomcat 8.0.25

2016-04-22 Thread Fabio Ricci
Dear tomcat Community

I am using cross context (which seems to be easy to configure but in tomcat 
8 hard to run) … so today I downloaded tomcat 9 and I migrated my apps to it.
In tomcat 9 cross context is running smoothly (thank you!)

To authenticate my config is using JDBCRealm with a mysql database. The config 
below ran very well with tomcat 8 but on tomcat 9 accepted only the password 
digests (which are stored in the table tomcat_users) directly instead of the 
usual passwords. It seems that the digest algorithm MD5 be here not executed.

The config in server.xml is

  

The authentication method is FORM for an application and DIGEST for the 
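corresponding API. Both apps see each other in a cross context.
web.xml of the application contains:

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>NAME</realm-name>
  <form-login-config>
    <form-login-page>/WEB-INF/security/protected/login.jsp</form-login-page>
    <form-error-page>/WEB-INF/security/protected/error.jsp</form-error-page>
  </form-login-config>
</login-config>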


What shall I do in order to have with the FORM authentication again a digest 
password input? Do I have any possibility to debug it (although I should not…) ?

Thank you in advance
Regards
Fabio

