> > To be honest, I don't know too much about Digest authentication - you > > spent more time on this issue anyway. > > > > You are confused with this code, this enables the ability of use > Digested passwords in the JDBCRealm nothing to do with DIGEST auth, it's > only to read digested passwords from the RDBMS.. :-) i'll attack soon > with DIGEST auth but not now.. Aaaa. In this case - there is no problem, authenticate() will un-digest the data from RDBMS, etc. Of course, it would be nice to have the code factored out - maybe we can use digest for the MemoryRealm ( or other future realms ) too. ( another nice feature would be to support "unix"-like digests and mySQL-like password digests ). Again - as an util if possible :-) Costin