Hi, I'm trying to configure digested password in an application. Just for example I was trying with MD5. First of all: * OS: CentOS Linux 7 (Core) * Tomcat full version: 9.0.43
I configured the Host in this way: <Host name="tradx.sixro.io" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true"> <Context path="" docBase="/home/sixroio/sixro.io/tomcat/webapps/tradx" crossContext="false" reloadable="true"> <Resource name="jdbc/mydb" auth="Container" type="javax.sql.DataSource" maxTotal="10" maxIdle="5" maxWaitMillis="5000" username="myusr" password="mypwd" driverClassName="org.mariadb.jdbc.Driver" url="jdbc:mariadb://localhost:3306/mydb"/> <Realm resourceName="DbRealm" className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/mydb" localDataSource="true" userTable="USERS" userNameCol="USER_NAME" userCredCol="PASSWORD" userRoleTable="USER_ROLES" roleNameCol="ROLE_NAME" debug="99"> <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" ></CredentialHandler> </Realm> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/home/sixroio/sixro.io/tomcat/logs" prefix="tradx.sixro.io_log." suffix=".txt" pattern="common" resolveHosts="false"/> </Context> </Host> The authentication fails. For testing purposes I created a username usr with password 1 that in MD5 is c4ca4238a0b923820dcc509a6f75849b Enabling details in logs I found these rows: 19-Feb-2021 21:48:33.232 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET / 19-Feb-2021 21:48:33.233 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Monitoring]' against GET /index.jsp --> false 19-Feb-2021 21:48:33.234 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Tradx]' against GET /index.jsp --> true 19-Feb-2021 21:48:33.234 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Monitoring]' against GET /index.jsp --> false 19-Feb-2021 21:48:33.234 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Tradx]' against GET /index.jsp --> true 19-Feb-2021 21:48:33.235 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission() 19-Feb-2021 21:48:33.235 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions 19-Feb-2021 21:48:33.235 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate() 19-Feb-2021 21:48:33.486 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.realm.RealmBase.authenticate Digest : 3038dd372061bee3cfa5e1a510bea637 Username:usr ClientDigest:3038dd372061bee3cfa5e1a510bea637 nonce:1613771311042:138f42717e6782847a85f249e2deedae nc:00000002 cnonce:c5513c3d36b6b643 qop:auth realm:DbRealmmd5a2:71998c64aea37ae77020c49c00f73fa8 Server digest:a66b50234577cb13076d3a117102c955 19-Feb-2021 21:48:33.487 FINE [ajp-nio-127.0.0.1-33407-exec-2] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed authenticate() test but I can't understand the debug message in the last but not least row. Just to exclude other errors I tried commenting the CredentialHandler and I can login if I try with usr / c4ca4238a0b923820dcc509a6f75849b I don't catch what I made wrong. Can you help me? Regards R P.S. I tried also to put the jdbc config in global just for test putting localDataSource to false (just for test), but it didn't work either