Looking at RealmBase, it doesn't seem as if DIGEST authentication can ever work:
public Principal authenticate(String username, String clientDigest, String nOnce, String nc, String cnonce, String qop, String realm, String md5a2) { String md5a1 = getDigest(username, realm); if (md5a1 == null) return null; <snip> } I have read that DIGEST does not work in conjunction with digesting of passwords in the database (although I have seen the DigestableMemoryRealm example that was posted to this group). In the above code, the getDigest(...) method will always return null unless the user has set the "digest="md5"" attribute in the Realm configuration in server.xml. In this case, this authenticate method will always return null unless md5 is in fact requested. In previous postings I've already seen where these cannot be combined. Am I interpreting this method call correctly? I took a look at the latest code online for this class ( http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/s hare/org/apache/catalina/realm/RealmBase.java?rev=1.41&view=auto ) and it doesn't appear to have changed - am I missing something? Shouldn't this method handle the case when md5a1 returns null but not handle the case when it returns "md5"? Confused! -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, October 15, 2004 12:02 PM To: Tomcat Users List Subject: RE: org.apache.catalina.Realm Hi, Or follow any of the links that say "CVS Repositories" on the apache.org pages, which will take you here: http://cvs.apache.org/viewcvs.cgi/. Then go to jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm. Yoav Shapira http://www.yoavshapira.com >-----Original Message----- >From: Larry Meadors [mailto:[EMAIL PROTECTED] >Sent: Friday, October 15, 2004 11:56 AM >To: [EMAIL PROTECTED] >Subject: RE: org.apache.catalina.Realm > >Download the source distribution? > >>>> [EMAIL PROTECTED] 10/15/04 9:51 AM >>> >Is there somewhere I can find the implementation of the JDBCRealm class? >Looking at the Realm "how-to" I don't get a lot of information about >sequence of calls, what methods are overridable, etc. Can anyone point >me to the implementation of this class? > >-----Original Message----- >From: Larry Meadors [mailto:[EMAIL PROTECTED] >Sent: Friday, October 15, 2004 11:30 AM >To: [EMAIL PROTECTED] >Subject: Re: org.apache.catalina.Realm > > >IIRC, it is in $CATALINA_HOME/server/lib/catalina.jar, and that is where >you >would put your implementation, too (if it is in a jar...if it is a >class, put it in $CATALINA_HOME/server/classes). > >Larry > >>>> [EMAIL PROTECTED] 10/15/04 9:21 AM >>> >Can someone help me get started building my own custom realm? I can't >seem to locate which jar file this class is in. > >Also, once I create the Realm in, say for example, package >my.realm.package, where do I place the class files so that the custom >realm can be accessed >from Tomcat? > >Thanks! > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]