I managed to get my HTTP Basic working fine with AppFuse,
but not DIGEST. Please help!
---------------------
MY DIGEST FAILED:
---------------------
<bean id="filterChainProxy"
                class="org.acegisecurity.util.FilterChainProxy">
                <property name="filterInvocationDefinitionSource">
                        <value>
                                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                PATTERN_TYPE_APACHE_ANT
                                /service.do*=digestProcessingFilter,digestExceptionTranslationFilter,filterInvocationInterceptor
                        </value>
                </property>
        </bean>

        <bean id="digestProcessingFilter"
                class="org.acegisecurity.ui.digestauth.DigestProcessingFilter">
                <property name="userDetailsService" ref="userDao" />
                <property name="authenticationEntryPoint"
                        ref="digestProcessingFilterEntryPoint" />
                <property name="userCache" ref="userCache" />
        </bean>

        <bean id="digestProcessingFilterEntryPoint"
                class="org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint">
                <property name="realmName">
                        <value>mycompany.com</value>
                </property>
                <property name="key">
                        <value>acegi</value>
                </property>
                <property name="nonceValiditySeconds">
                        <value>10</value>
                </property>
        </bean>

        <bean id="digestExceptionTranslationFilter"
                class="org.acegisecurity.ui.ExceptionTranslationFilter">
                <property name="authenticationEntryPoint">
                        <ref bean="digestProcessingFilterEntryPoint" />
                </property>
        </bean>


mraible wrote:
> 
> You'll need to change the passwords to be stored in base64.  If you
> look in the mailing list archives, I posted a howto for changing from
> form-based authentication to basic.  At least I think I did - it was a
> year or so ago.
> 
> Matt
> 
> On 4/5/07, thinkboy <[EMAIL PROTECTED]> wrote:
>>
>> I am expecting the problem lies in the algorithm method too.
>> In acegi, there is no configuration for MD5 or SHA1, but when I looked at the
>> source code in
>> org/acegisecurity/ui/digestauth/DigestProcessingFilterEntryPoint.java, it
>> seems like it is using MD5.
>>
>> However, in the 401 response, acegi does not specify in the HTTP message that
>> www-authenticate: algorithm=md5
>>
>> I am not sure which auth algorithm Firefox is using to compose the
>> Authorization: 's response. If Firefox uses SHA1 by default, it may not
>> work then. I need to run a test to verify it.
>>
>> BTW, my question is how could I set MD5 in acegi so that
>> www-authenticate: algorithm=md5 is inserted?
>>
>>
>> hiugong.gwok wrote:
>> >
>> > I thought the algorithm is SHA1?
>> >
>> >
>> > thinkboy wrote:
>> >>
>> >> hi
>> >>
>> >> Sorry, I am aware this may be more of an acegi question, but I really hope
>> >> someone here can help me too.
>> >> Please guide me on how to set up Digest correctly in AppFuse! Please advise.
>> >>
>> >> I tried to set up my digestAuthorization and challenge from my Firefox
>> >> 2.0, but failed.
>> >>
>> >> my scenario:
>> >> 1) firefox sends request to webserver
>> >> 2) webserver responds 401
>> >> 3) firefox pops up login dialog
>> >> 4) log in username/password
>> >> 5) from userDao, I turned on <prop key="hibernate.show_sql">true</prop>
>> >> that shows Admin user is retrieved correctly! no problem
>> >> 6) but webserver still responds 401 again to firefox
>> >> 7) I observed that webserver does not specify algorithm=md5 in 401 header
>> >> I could not find any doc that shows an example of specifying md5 in acegi..
>> >> does it matter?
>> >> please help!
>> >>
>> >> ----------------
>> >> security.xml
>> >> ----------------
>> >>  <bean id="filterChainProxy"
>> >> class="org.acegisecurity.util.FilterChainProxy">
>> >>         <property name="filterInvocationDefinitionSource">
>> >>             <value>
>> >>                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>> >>                 PATTERN_TYPE_APACHE_ANT
>> >>                 /service.do*=httpSessionContextIntegrationFilterWithASCFalse,digestProcessingFilter,digestExceptionTranslationFilter,filterInvocationInterceptor
>> >>             </value>
>> >>         </property>
>> >>     </bean>
>> >>
>> >>   <bean id="httpSessionContextIntegrationFilterWithASCFalse"
>> >> class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
>> >>       <property name="allowSessionCreation" value="false"/>
>> >>     </bean>
>> >>
>> >>      <bean id="digestProcessingFilterEntryPoint"
>> >>            class="org.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint">
>> >>              <property name="realmName"><value>mydomain.com</value></property>
>> >>              <property name="key"><value>acegi</value></property>
>> >>              <property name="nonceValiditySeconds"><value>10</value></property>
>> >>      </bean>
>> >>
>> >>      <bean id="digestExceptionTranslationFilter"
>> >> class="org.acegisecurity.ui.ExceptionTranslationFilter">
>> >>      <property name="authenticationEntryPoint"><ref
>> >> bean="digestProcessingFilterEntryPoint"/></property>
>> >>      </bean>
>> >>
>> >>  <bean id="filterInvocationInterceptor"
>> >> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
>> >>         <property name="authenticationManager"
>> >> ref="authenticationManager"/>
>> >>         <property name="accessDecisionManager"
>> >> ref="accessDecisionManager"/>
>> >>         <property name="objectDefinitionSource">
>> >>             <value>
>> >>                 PATTERN_TYPE_APACHE_ANT
>> >>                 /service.do*=admin,user
>> >>             </value>
>> >>         </property>
>> >>     </bean>
>> >>
>> >> ------------------------------
>> >> 401 response from acegi
>> >> ------------------------------
>> >>
>> >> [HTTP/1.1 401 Incorrect response
>> >> Connection: close
>> >> Date: Mon, 02 Apr 2007 11:24:33 GMT
>> >> Server: SMAS (HTTP/1.1 Connector)
>> >> WWW-Authenticate: Digest realm="mydomain.com", qop="auth",
>> >> nonce="MTE3NTUxMzA4MzY1NzplOWJlZGQ1N2VmYmY3ZjhlYjU0NDQ2ZTZkNjZlZmY3MA=="
>> >>
>> >> [GET /platform/service.do HTTP/1.1
>> >> Host: corp.mydomain.com:5080
>> >> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
>> >> rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
>> >> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> >> Accept-language: zh,en-us;q=0.7,en;q=0.3
>> >> Accept-encoding: gzip,deflate
>> >> Accept-charset: UTF-8,*
>> >> Keep-alive: 300
>> >> Connection: keep-alive
>> >> Cookie: JSESSIONID=hssn-CA2EFCD708CE8B0588ED996C14817648
>> >> Cache-control: max-age=0, max-age=0
>> >> Authorization: Digest username="admin", realm="mydomain.com",
>> >> nonce="MTE3NTUxMzA3NzM3ODozZTQ2ZWIwNjM1MzA5ZDQ4ODQ0NDg0Y2RiYmE0MWM2OQ==",
>> >> uri="/platform/service.do", response="c27ec63ce3c19ef35440d74191156623",
>> >> qop=auth, nc=00000001, cnonce="6c46874228c087eb"
>> >>
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/how-to-enable-HTTP--digest-authorization-in-appfuse--tf3505306s2369.html#a9852315
>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
> 
> 
> -- 
> http://raibledesigns.com
> 

-- 
View this message in context: 
http://www.nabble.com/how-to-enable-HTTP--digest-authorization-in-appfuse--tf3505306s2369.html#a11117804
Sent from the AppFuse - User mailing list archive at Nabble.com.
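
The digest check behind the repeated 401 in this thread, as an added Python example (not code from the posts or from Acegi): it decodes the Acegi nonce and recomputes the RFC 2617 `qop=auth` response, where MD5 is the default when the challenge names no algorithm. The header fields are copied from the quoted request; the password `demo-password` and the SHA-1 hashed user store are constructed assumptions.

```python
import base64
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(value):
    """Split 'Digest k="v", k2=v2' into a dict (assumes no commas inside values)."""
    fields = {}
    for part in value.split(" ", 1)[1].split(","):
        key, _, val = part.strip().partition("=")
        fields[key] = val.strip('"')
    return fields

def nonce_expiry_ms(nonce):
    """Acegi nonce layout: base64(expiryMillis ":" md5Hex(expiryMillis ":" key))."""
    return int(base64.b64decode(nonce).decode("ascii").split(":", 1)[0])

def expected_response(auth, method, secret):
    """RFC 2617 response for qop=auth; MD5 applies when no algorithm is named."""
    ha1 = md5_hex(f'{auth["username"]}:{auth["realm"]}:{secret}')
    ha2 = md5_hex(f'{method}:{auth["uri"]}')
    return md5_hex(":".join(
        [ha1, auth["nonce"], auth["nc"], auth["cnonce"], auth["qop"], ha2]))

def server_accepts(auth, method, stored_secret):
    """The server recomputes the response from whatever its user store holds."""
    return expected_response(auth, method, stored_secret) == auth["response"]

def browser_header(password):
    """Authorization value a client would send; fields copied from the thread."""
    f = {"username": "admin", "realm": "mydomain.com", "nonce": PAGE_NONCE,
         "uri": "/platform/service.do", "qop": "auth", "nc": "00000001",
         "cnonce": "6c46874228c087eb"}
    f["response"] = expected_response(f, "GET", password)
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in f.items())

PAGE_NONCE = "MTE3NTUxMzA3NzM3ODozZTQ2ZWIwNjM1MzA5ZDQ4ODQ0NDg0Y2RiYmE0MWM2OQ=="
CLEARTEXT = "demo-password"                                 # constructed
STORED_HASH = hashlib.sha1(CLEARTEXT.encode()).hexdigest()  # assumed hashed store
AUTH = parse_digest_header(browser_header(CLEARTEXT))

if __name__ == "__main__":
    print("nonce expires (ms):", nonce_expiry_ms(PAGE_NONCE))
    print("store holds cleartext:", server_accepts(AUTH, "GET", CLEARTEXT))
    print("store holds SHA-1 hash:", server_accepts(AUTH, "GET", STORED_HASH))
```

A user store that returns a one-way hash instead of the cleartext (or a precomputed HA1) makes the server's recomputed response differ from the browser's, which surfaces as another 401 even though the user lookup succeeds.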
