Matt RaibleMatt Raible is a Web Developer and Java Champion. Connect with him on LinkedIn.

The Angular Mini-Book The Angular Mini-Book is a guide to getting started with Angular. You'll learn how to develop a bare-bones application, test it, and deploy it. Then you'll move on to adding Bootstrap, Angular Material, continuous integration, and authentication.

Spring Boot is a popular framework for building REST APIs. You'll learn how to integrate Angular with Spring Boot and use security best practices like HTTPS and a content security policy.

For book updates, follow @angular_book on Twitter.

The JHipster Mini-Book The JHipster Mini-Book is a guide to getting started with hip technologies today: Angular, Bootstrap, and Spring Boot. All of these frameworks are wrapped up in an easy-to-use project called JHipster.

This book shows you how to build an app with JHipster, and guides you through the plethora of tools, techniques and options you can use. Furthermore, it explains the UI and API building blocks so you understand the underpinnings of your great application.

For book updates, follow @jhipster-book on Twitter.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

RECENT ENTRIES


Tag Cloud


abbie appfuse birthday denver family grails gwt jack java javascript jhipster jsf linkedin maven roller skiing softwaresummit spring springmvc struts2 travel trish vacation webframeworks wicket
« XDoclet for Hibernat... | Main | RE: Where's the $$... »
Thursday February 13, 2003

Help: Which servers support HTTP Digest Authentication?

In my security chapter, I am describing HTTP Digest Authentication (please correct me if I'm wrong on any of this).

This (HTTP Digest) authentication mechanism identifies a user based on a username and password, and the client transmits the password in an encrypted form such as SHA or MD5. HTTP 1.1-enabled browsers are required to support it, at least according to this page. According to the Servlet 2.4 spec, it is not currently in widespread use, and therefore Servlet containers are not required to support it.

Now for the part I need help on. Which of the following servers support HTTP Digest? Tomcat, JBoss, Resin, Orion, WebLogic, WebSphere and Sun ONE. To test this, in your web.xml you would configure your <auth-method> to be DIGEST: 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>My Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>My Test Application</realm-name>
</login-config>

According to this implementing WebSphere Security article from December 2002, WebSphere 4 doesn't support it. I wonder if version 5 does? Thanks for any assistance you can offer!

Update: I was missing a required element (<web-resource-name>) in the XML above, and I added <realm-name> for display on the dialog box. Tomcat (v4.1.18) supports DIGEST just fine. The dialogs do change between the types though - the differences are below.

HTTP Basic Dialog Screenshot
HTTP Basic Dialog

HTTP Digest Dialog Screenshot
HTTP Digest Dialog

Posted in Java at Feb 13 2003, 06:42:56 AM MST 4 Comments
Comments:

Why don't you try searching Google for this? It took me 2 minutes to find out that Tomcat, Resin and JBoss support Digest authentication. It would take you another 2 minutes to find this information considering the remaining app servers.

Posted by Leonya on February 13, 2003 at 03:01 PM MST #

I tried Google, but didn't get anything - so that's why I posted here. What did you use for a query?

Posted by Matt on February 13, 2003 at 03:14 PM MST #

{Tomcat, JBoss, Resin} HTTP Digest

Posted by Leonya on February 13, 2003 at 04:03 PM MST #

I tried this and something was wrong. I had "BASIC" authentication set up correctly for my test Wiki installation. Then I changed it to "DIGEST", and I cannot log in any more. The logon window shows up in the browser (and says "...secure..." in IE), but my user/password combination no longer works. Strange.

Posted by Greg Klebus on February 14, 2003 at 02:00 PM MST #

Post a Comment:
  • HTML Syntax: Allowed