>
> Ok, but that would still require some modifications in the JDBC realm, for
> example, because it has the annoying habit to store H(password) ;-)
> I was planning to add a mechanism a bit like you describe, but after 4.0.
Right, I had to touch existing realm code as well, since current realms rely
on the ability to extract the password from the request - which is not
possible with DIGEST (since that's the whole point of it). In effect, I
rewamped realms to
if(ctx != null && "DIGEST".equals(ctx.getAuthMethod()))
{
... new code
}
else
{
... old code
}
>
> Remy
Attila
