I have a problem where the digest element is seemingly being ignored when I move my web app from development to production. The application uses form based security and works just fine in development.
Here are the details. Dev - tomcat 5.5.17 in Netbeans 5.5.1 Prod - tomcat 5.5.15 - this is the only difference I can see at this point. But there doesn't seem to be anything in changelogs indicating a problem relating to digested passwords being fixed. Here is my context.xml: <?xml version="1.0" encoding="UTF-8"?> <Context path="/TDAssetRegister"> <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/TeraJDBC" digest="SHA" localDataSource="true" roleNameCol="Role_ID" userCredCol="User_Pwd" userNameCol="User_ID" userRoleTable="user_roles" userTable="valid_users"/> <Resource name="jdbc/TeraJDBC" auth="Container" type="javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000" username="assetRegister" password="pass" driverClassName="com.ncr.teradata.TeraDriver" url="jdbc:teradata://dbc/database=AssetRegisterDB"/> </Context> As mentioned this works in dev. I've tried messing with the case of the digest element and value (e.g. sha, Sha, SHA etc) and also tried MD5. I've also tried placing the digest in different parts of the Realm. So how do I know it is being ignored as opposed to simply not working? I tried pasting a SHA digested password into the password field and succesfully logged in. Then I tried changing the content of my valid_users table so that the password was simply set to "pass" then entered "pass" as my password - lo and behold, succesful login. The production system 5.5.15 is a default implementation. The one exception is a change to process *.jspf files as jsp's. I plan to update the prodn server to 5.5.17 to see if this will solve the problem. Unfortunately, I can not do this for a few days as the system is being used for some demo's. I was hoping someone would say, yes I had that problem and upgrading fixed it, or what you need to do is ...! TIA glennm