Hi, I'm trying to get digest authentication working on Tomcat 5.5.23. I got
it working on Tomcat 6 and Jetty, but I've got a problem with Tomcat 5.5.23,
because there no WWW-Authenticate header is sent. I figured out that it will
work if I remove error-page 401 configuration from my web.xml
2010/3/30 Nick Wiedenbrück mailinglists...@googlemail.com:
I got it working on Tomcat 6 and Jetty, but I've got a problem with Tomcat
5.5.23,
It will not work with 5.5.23, because it is some issue that was fixed
in a later version. (Headers were cleared when rendering a custom
page). Search
On 24/12/2009 02:18, Christopher Schultz wrote:
On 12/23/2009 2:13 PM, Mark Thomas wrote:
digest is (almost) completely orthogonal to DIGEST authentication.
digest controls whether or not the password stored on the server is held
in plain text or in digest form. It is (almost) independent of
Mark Thomas wrote:
On 24/12/2009 02:18, Christopher Schultz wrote:
On 12/23/2009 2:13 PM, Mark Thomas wrote:
digest is (almost) completely orthogonal to DIGEST authentication.
digest controls whether or not the password stored on the server is held
in plain text or in digest form. It is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/21/2009 7:34 AM, André Warnier wrote:
insi wrote:
Hi,
My tomcat server is sending www-authenticate (digest) header but the
header
doesn't contain the algorithm field, which one is choosen by default?
MD5
How do I specify it to use
On 23/12/2009 16:49, Christopher Schultz wrote:
The servlet specification actually makes DIGEST authentication optional
for spec0compliant containers, which is interesting. There is also no
(standard) way to configure the algorithm for DIGEST authentication.
Tomcat allows you to do it using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 12/23/2009 2:13 PM, Mark Thomas wrote:
On 23/12/2009 16:49, Christopher Schultz wrote:
The servlet specification actually makes DIGEST authentication optional
for spec0compliant containers, which is interesting. There is also no
Hi,
My tomcat server is sending www-authenticate (digest) header but the header
doesn't contain the algorithm field, which one is choosen by default?
How do I specify it to use particular algorithm (sha1/md5)?
--
View this message in context:
http://old.nabble.com/Www-authenticate
insi wrote:
Hi,
My tomcat server is sending www-authenticate (digest) header but the header
doesn't contain the algorithm field, which one is choosen by default?
MD5
How do I specify it to use particular algorithm (sha1/md5)?
In short, you can't.
See HTTP 2616 and 2617.
Theoretically, you
to send a blank
WWW-Authenticate header to the client, just the same way that
Tomcat
would do if you weren't already authenticated.
Could you expand on this? RFC2616 (HTTP/1.1)
(http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47) says
of the WWW-Authenticate header:
The field value
PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Sunday, January 21, 2007 1:31 PM
Subject: RE: how to tell Tomcat to send a blank WWW-Authenticate header?
Christopher Schultz wrote:
Also, you could set the error page that is used when a user doesn't
have
the proper credentials
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mitch,
Fisher, Mitchell L wrote:
Christopher Schultz wrote:
When you want to log someone out of BASIC authentication, you
have to send a blank WWW-Authenticate header to the client,
just the same way that Tomcat would do if you weren't already
to send a blank
WWW-Authenticate header to the client, just the same way that Tomcat
would do if you weren't already authenticated.
Is there a way to tell Tomcat to send a blank WWW-Authenticate header to the
client when authorization fails? I would like to not use FORM authentication.
thanks for any
. When you want to log
someone out of BASIC authentication, you have to send a blank
WWW-Authenticate header to the client, just the same way that Tomcat
would do if you weren't already authenticated.
Is there a way to tell Tomcat to send a blank WWW-Authenticate header
to the client when
2005/12/19, Francis Galiegue [EMAIL PROTECTED]:
Hello,
As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through
5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT
send a www-authenticate header back, resulting in a definitive 401
error. This violates RFC 2616
[I don't know why, looks like the original message didn't make it to
the list... Sorry if it's a double send]
Hello,
As the subject says, we have a problem with Tomcat 5.0 (5.0.27 through
5.0.30 to be precise) where a servlet invoked from tomcat5 does NOT
send a www-authenticate header back
16 matches
Mail list logo