I think it supports digest authentication. However I can not make it works even in the simplest case. I have a basic tomcat 5 installation with one of my web application. I'd like to use digest authentication(I do not send password to server in clear text). The configuration is like this <security-constraint> <web-resource-collection> <web-resource-name>The Entire Web Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> </security-constraint>
<login-config> <auth-method>DIGEST</auth-method> <realm-name>Tomcat Supported Realm</realm-name> </login-config> <security-role> <description> An example role defined in "conf/tomcat-users.xml" </description> <role-name>tomcat</role-name> </security-role> However, it does not work. I always get 403 (access is denied error). If I use BASIC authentication, everything works fine. I searched the mail list. It seemed other people also has this problem. However there is no any solution posted for it. Have anyone get digest authentication works?If anyone does, what extra step/caution should I takes? Thanks __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]