Looking at RealmBase, it doesn't seem as if DIGEST authentication can
ever work:

public Principal authenticate(String username, String clientDigest,
            String nOnce, String nc, String cnonce,
            String qop, String realm,
            String md5a2) {

        String md5a1 = getDigest(username, realm);

        if (md5a1 == null)
                return null;
<snip>
}

I have read that DIGEST does not work in conjunction with digesting of
passwords in the database (although I have seen the
DigestableMemoryRealm example that was posted to this group).  In the
above code, the getDigest(...) method will always return null unless the
user has set the "digest="md5"" attribute in the Realm configuration in
server.xml.  In this case, this authenticate method will always return
null unless md5 is in fact requested.  In previous postings I've already
seen where these cannot be combined.

Am I interpreting this method call correctly?  

I took a look at the latest code online for this class (
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=1.41&view=auto
) and it doesn't appear to have changed - am I missing something?  Shouldn't
this method handle the case when md5a1 returns null but not handle the
case when it returns "md5"?

Confused!


-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 15, 2004 12:02 PM
To: Tomcat Users List
Subject: RE: org.apache.catalina.Realm



Hi,
Or follow any of the links that say "CVS Repositories" on the apache.org
pages, which will take you here: http://cvs.apache.org/viewcvs.cgi/.
Then go to
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm.

Yoav Shapira http://www.yoavshapira.com


>-----Original Message-----
>From: Larry Meadors [mailto:[EMAIL PROTECTED]
>Sent: Friday, October 15, 2004 11:56 AM
>To: [EMAIL PROTECTED]
>Subject: RE: org.apache.catalina.Realm
>
>Download the source distribution?
>
>>>> [EMAIL PROTECTED] 10/15/04 9:51 AM >>>
>Is there somewhere I can find the implementation of the JDBCRealm class?
>Looking at the Realm "how-to" I don't get a lot of information about
>sequence of calls, what methods are overridable, etc.  Can anyone point
>me to the implementation of this class?
>
>-----Original Message-----
>From: Larry Meadors [mailto:[EMAIL PROTECTED]
>Sent: Friday, October 15, 2004 11:30 AM
>To: [EMAIL PROTECTED]
>Subject: Re: org.apache.catalina.Realm
>
>
>IIRC, it is in $CATALINA_HOME/server/lib/catalina.jar, and that is where
>you would put your implementation, too (if it is in a jar...if it is a
>class, put it in $CATALINA_HOME/server/classes).
>
>Larry
>
>>>> [EMAIL PROTECTED] 10/15/04 9:21 AM >>>
>Can someone help me get started building my own custom realm?  I can't 
>seem to locate which jar file this class is in.
>
>Also, once I create the Realm in, say for example, package 
>my.realm.package, where do I place the class files so that the custom 
>realm can be accessed from Tomcat?
>
>Thanks!
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
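
Added example, not part of the original messages and not Tomcat's code: the RFC 2617 qop=auth check that an authenticate(...) call with the signature quoted in the first message has to perform, showing why the realm must be able to supply MD5(username:realm:password) and why a store holding only MD5(password) cannot satisfy DIGEST. The class name DigestA1Demo and all sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration (hypothetical class, not Tomcat code): RFC 2617 qop=auth check.
public class DigestA1Demo {

    // H() from RFC 2617: lowercase hex MD5 of the string.
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5")
                    .digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Same inputs as the authenticate(...) signature quoted in the thread; md5a1 is
    // what the realm supplies and must equal H(username:realm:password).
    static boolean verify(String md5a1, String clientDigest, String nOnce, String nc,
                          String cnonce, String qop, String md5a2) {
        if (md5a1 == null || clientDigest == null) return false;
        String expected = md5Hex(md5a1 + ":" + nOnce + ":" + nc + ":" + cnonce
                + ":" + qop + ":" + md5a2);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                clientDigest.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String user = "alice", realm = "Example Realm", password = "s3cret";
        String nOnce = "abc123", nc = "00000001", cnonce = "0a4f113b", qop = "auth";
        String md5a2 = md5Hex("GET:/protected/index.html");

        // What the client sends: it knows the cleartext password.
        String a1 = md5Hex(user + ":" + realm + ":" + password);
        String clientDigest = md5Hex(a1 + ":" + nOnce + ":" + nc + ":" + cnonce
                + ":" + qop + ":" + md5a2);

        // Credential store holding MD5(user:realm:password): usable directly as A1.
        System.out.println("stored H(A1):         "
                + verify(a1, clientDigest, nOnce, nc, cnonce, qop, md5a2));
        // Credential store holding MD5(password): A1 cannot be derived from it.
        System.out.println("stored MD5(password): "
                + verify(md5Hex(password), clientDigest, nOnce, nc, cnonce, qop, md5a2));
    }
}
```

The server never sees the cleartext password during DIGEST, so whatever the realm returns as md5a1 has to already be, or be derivable into, the A1 hash for that exact username and realm string.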

