On 15/11/2022 10:20, Thorsten Schöning wrote:
<snip/>
> So, is it even possible to use SecretKeyCredentialHandler and
> auth-method DIGEST together or am I required to use BASIC? If DIGEST
> is supported, how does that and credential helper work together
> without plain-text password available at the server at all?

Yes. Completely possible. You just have to create the digests in the
right format.

https://tomcat.apache.org/tomcat-10.1-doc/realm-howto.html#Digested_Passwords

In short, the digested value you save as the user credential is one of
the inputs the client uses when calculating the value to use in the
authorization header. The other values are parts of the request and/or
provided by the server. Hence both the client and server are able to
calculate the same digest.

See
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/RealmBase.java#L389

Mark
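
The calculation described in the reply above, as an added example that is not part of the original message and not Tomcat's code: it assumes RFC 2617 digest authentication with MD5 and `qop=auth`, and a stored credential of the form `MD5(username:realm:password)` as given in the linked realm how-to. All function names are hypothetical; the sample values are the ones from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_credential(username, realm, password):
    # HA1: the only password-derived value the server keeps for the user.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # Every input besides HA1 is part of the request or the server's challenge.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_authorization(username, realm, password, method, uri, nonce, nc, cnonce):
    # Client side: derives HA1 from the typed password, then the response.
    ha1 = stored_credential(username, realm, password)
    return {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": cnonce, "qop": "auth",
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}


def server_verify(stored_ha1, method, auth):
    # Server side: recomputes the response from the stored HA1, no plain text needed.
    expected = digest_response(stored_ha1, method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"], auth["qop"])
    return hmac.compare_digest(expected, auth["response"])


# Sample values from RFC 2617 section 3.5 (password there: "Circle Of Life").
SAMPLE = dict(username="Mufasa", realm="testrealm@host.com", method="GET",
              uri="/dir/index.html", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")


def demo(password):
    # The user database holds only the digest, never the password itself.
    user_db = {"Mufasa": stored_credential("Mufasa", SAMPLE["realm"], "Circle Of Life")}
    auth = client_authorization(password=password, **SAMPLE)
    return auth["response"], server_verify(user_db[auth["username"]], SAMPLE["method"], auth)


if __name__ == "__main__":
    print(demo("Circle Of Life"))   # matching password
    print(demo("wrong password"))   # mismatching password
```

Because the stored HA1 is sufficient to compute a valid response for that realm, it needs the same protection as a plain-text password would.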