I checked the url that you supplied to me and expecially the JDBCRealm part,for
I have stored the username and password in a relational database.
So,what I need to do is:
1.build the users table and the roles table.
2.configure the org.apache.catalina.realm.JDBCRealm
3.put the oracle jdbc driver at $tomcat.home/common/lib
4.configure the web.xml of my application as following fragment:
<security-constraint><web-resource-collection><web-resource-name>app</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection><auth-constraint><role-name>poweruser</role-name></auth-constraint></security-constraint><login-config><auth-method>DIGEST</auth-method><realm-name>app</realm-name></login-config>
(What is the realm-name element mean? The JDBCRealm that I just configured?)
then the username and password that client input will be sent to the server
encrypted?
thanks in advance!
> Date: Tue, 30 Oct 2007 04:13:01 -0300> From: [EMAIL PROTECTED]> To:
> users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST
> authentication?> > Hi,> > Digest authentication involves multiple MD5s
> including the username,> password, url, realm, random data... Believe me when
> I tell you that> there is no way that you will get the password from the
> digest (in> fact, it was designed this way so this is not feasible.)> > For
> your original question, you may want to check this>
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html> > Regards,> lg> >
> On Oct 30, 2007 1:50 AM, zhongliang zhang <[EMAIL PROTECTED]> wrote:> >
> Hi,everyone,> > I got a problem with the DIGEST authentication.> > I
> configured my web.xml as followed:> > <security-constraint>> >
> <web-resource-collection>> > <web-resource-name>app</web-resource-name>> >
> <url-pattern>/*</url-pattern>> > </web-resource-collection>> >
> <auth-constraint>> > <role-name>poweruser</role-name>> > </auth-constraint>>
> </security-constraint>> > <login-config>> >
> <auth-method>DIGEST</auth-method>> > <realm-name>app</realm-name>> >
> </login-config>> > So,if anybody try to access my app,he needs to input his
> username and password,while the username and password are stored in the
> Oracle database,not configured in the tomcat-users.xml file which located at
> $tomcat_home/conf/ directory. I can not configure it in the tomcat-users.xml
> for the app has an function of make a new user.> >> > Is there anyway to
> solve this problem?> >> > P.S. I tried to solve it by coding in my
> program,like adding the following code to set the response's status to ask
> for DIGEST authentication.> > ((HttpServletResponse)
> response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);> > But I do not
> get a way to decryt the DIGEST information.> >> > Any advice will be
> appreciated!> > thanks.> >
> _________________________________________________________________> > News,
> entertainment and everything you care about at Live.com. Ge
t it now!> > http://www.live.com/getstarted.aspx> >
---------------------------------------------------------------------> To start
a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail: [EMAIL
PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]>
_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx