On 15/11/2022 10:20, Thorsten Schöning wrote:

<snip/>

> So, is it even possible to use SecretKeyCredentialHandler and
> auth-method DIGEST together or am I required to use BASIC? If DIGEST
> is supported, how does that and credential helper work together
> without plain-text password available at the server at all?

Yes. Completely possible. You just have to create the digests in the right format.

https://tomcat.apache.org/tomcat-10.1-doc/realm-howto.html#Digested_Passwords

In short, the digested value you save as the user credential is one of the inputs the client uses when calculating the value to use in the authorization header. The other values are parts of the request and/or provided by the server. Hence both the client and server are able to calculate the same digest.

See https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/RealmBase.java#L389

Mark
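
The calculation described in the reply above, as an added example that is not part of the original message or of Tomcat's code. It assumes the RFC 2617 form of DIGEST with MD5 and qop=auth, where the stored credential is MD5(username:realm:password); the function names are hypothetical and the sample values are the ones from the RFC 2617 example.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_credential(username, realm, password):
    # Value saved as the user's credential (HA1 in RFC 2617).
    # The server keeps this instead of the plain-text password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # HA2 is built from parts of the request; nonce comes from the server,
    # nc and cnonce from the client.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_header(username, realm, password, method, uri, nonce, nc, cnonce):
    # Client side: derives HA1 from the typed password, then the response.
    ha1 = stored_credential(username, realm, password)
    return {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": cnonce, "qop": "auth",
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}


def server_verify(stored_ha1, method, header):
    # Server side: recomputes the response from the stored digest only.
    expected = digest_response(stored_ha1, method, header["uri"],
                               header["nonce"], header["nc"],
                               header["cnonce"], header["qop"])
    return hmac.compare_digest(expected, header["response"])


# Sample values taken from the RFC 2617 example (not from this thread).
REALM = "testrealm@host.com"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
USER_DB = {"Mufasa": stored_credential("Mufasa", REALM, "Circle Of Life")}

if __name__ == "__main__":
    hdr = client_header("Mufasa", REALM, "Circle Of Life", "GET",
                        "/dir/index.html", NONCE, "00000001", "0a4f113b")
    print(hdr["response"], server_verify(USER_DB["Mufasa"], "GET", hdr))
```

Because the stored digest is itself the secret input to the response, anyone who obtains it can answer DIGEST challenges for that realm, so the credential store needs the same protection as a password file.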
