Mark Leone wrote:

Perhaps since I used DIGEST authentication, it was necessary to put the proper name 
of the realm in <realm-name>, despite what you said above. I know I had in this 
element at first the same realm name I used for generating the digested password in 
my datastore; but perhaps I had something else configured wrong when I had the realm 
name correct. I'll try again with DIGEST authentication with the proper realm name, 
and see if that works.



I think I just proved my theory correct. I changed back to using DIGEST authentication, 
and it did not work. But as I reported before, the credentials window identified the 
realm name as "Tomcat Manager Application", which you explained earlier comes 
from the specified error file, 401.jsp. But since the credentials window thinks this is 
the realm name, it's not going to calculate the correct value for the digested password, 
which of course includes the realm name in the calculation.

So I commented out the <error-page> element, the credentials window now displays 
"JDBCRealm" as the realm name, and the authentication was successful.

So it seems to me that it is not correct for the realm name to be overridden by the 
error page. If the web app developer specifies a value for <realm-name>, 
shouldn't that be what he uses to calculate his digested password? If there's some 
reason why this behavior is preferable, then perhaps at least the documentation 
should indicate that when DIGEST authentication is used, the realm name specified 
will be overridden by the error page if one is present.

-Mark
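
Added example, not part of the original message or of Tomcat's code: a sketch of the RFC 2617 digest calculation showing why a challenge that advertises a different realm than the one used for the stored digest can never verify. The user name, password, nonce values and URI are constructed, and it assumes the stored value is MD5(username:realm:password) with qop=auth.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_digest(user, realm, password):
    # Value kept in the datastore: MD5(username:realm:password), i.e. HA1.
    return md5_hex(f"{user}:{realm}:{password}")

def client_response(user, password, challenge_realm, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    # The client builds HA1 from the realm it was shown in the challenge,
    # not from whatever realm the server-side digest was generated with.
    ha1 = stored_digest(user, challenge_realm, password)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(ha1_from_store, response, method, uri,
                  nonce, nc, cnonce, qop="auth"):
    # The server never sees the password; it recomputes from the stored HA1.
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{ha1_from_store}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)

# Constructed sample values (assumptions for illustration only).
USER, PASSWORD = "mark", "example-password"
STORE_REALM = "JDBCRealm"  # realm used when the stored digest was generated
REQ = dict(method="GET", uri="/manager/html",
           nonce="constructed-nonce", nc="00000001", cnonce="constructed-cnonce")

def check_login(challenge_realm):
    """True if a client answering a challenge for challenge_realm authenticates."""
    ha1 = stored_digest(USER, STORE_REALM, PASSWORD)
    resp = client_response(USER, PASSWORD, challenge_realm, **REQ)
    return server_verify(ha1, resp, **REQ)

if __name__ == "__main__":
    for realm in ("JDBCRealm", "Tomcat Manager Application"):
        result = "accepted" if check_login(realm) else "rejected"
        print(f"challenge realm {realm!r}: {result}")
```
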

