PROBLEM

Configuring <auth-method>DIGEST</auth-method> for a web application using JDBCRealm doesn't work. It is not possible to authenticate users.

ANALYSIS

Debugging the source code of the org.apache.catalina.realm.JDBCRealm class, I noticed:

1) the method authenticate(String username, String clientDigest, String nOnce, String nc, String cnonce, String qop, String realm, String md5a2) of the class org.apache.catalina.realm.RealmBase calculates the md5a1 value by calling the method getDigest(String username, String realmName) of the same class

2) the method getDigest(String username, String realmName) calculates the md5a1 value by getting the user password from the method getPassword(String username) of the org.apache.catalina.realm.JDBCRealm class

In this algorithm there are two problems:
- getPassword() must return the cleartext password, so you have to save it somewhere in clear
- at the moment getPassword() is not implemented and always returns null

3) if you implement getPassword(), the method authenticate() still returns null because it tries to get the Principal by calling the method getPrincipal(String username) of the org.apache.catalina.realm.JDBCRealm class, but at the moment this method is not implemented and always returns null

SOLUTION

I think there are two main things to solve:
- implement getPassword() and getPrincipal() in the JDBCRealm class
- provide the possibility to save on the DB not the cleartext password but the md5a1 value (the md5a1 value is the digest of the following string: username + realmname + password)

COMMENTS

At the end you should decide to use 4 different configurations:

1) <auth-method>BASIC and DB with cleartext pwd (working)

2) <auth-method>BASIC and DB with digest of pwd (working)
Main limits of this solution are:
. password sent in clear on the network
. on the DB: if pwdA = pwdB then digestA = digestB

3) <auth-method>DIGEST and DB with cleartext pwd (not working)
. you only have to implement getPassword() and getPrincipal in class org.apache.catalina.realm.JDBCRealm

4) <auth-method>DIGEST and DB with md5a1 (not working)
. you have to modify the getDigest() method in class org.apache.catalina.realm.RealmBase, providing the chance to get this value directly from the DB

Bye
Giovanni
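
Configuration 4 from the report above (DIGEST with md5a1 stored in the DB), sketched as an added example that is not part of the original report or of Tomcat's code. The class and method names are hypothetical, md5a1 is computed in the RFC 2617 form MD5(username:realm:password), and the sample request values are those of the worked example in RFC 2617, section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical stand-alone class, not Tomcat's RealmBase/JDBCRealm.
public class DigestWithStoredMd5a1 {

    // Hex-encoded MD5 of a string, as HTTP Digest (RFC 2617) requires.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(32);
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Value written to the user table at enrolment time instead of the password.
    static String md5a1(String user, String realm, String password) throws NoSuchAlgorithmException {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    // Server-side check for qop=auth that needs only the stored md5a1, never the password.
    static boolean verify(String storedMd5a1, String clientDigest, String nonce, String nc,
                          String cnonce, String qop, String md5a2) throws NoSuchAlgorithmException {
        String expected = md5Hex(storedMd5a1 + ":" + nonce + ":" + nc + ":" + cnonce
                + ":" + qop + ":" + md5a2);
        // Constant-time comparison of the two hex strings.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     clientDigest.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Request values from the RFC 2617 section 3.5 example.
        String realm = "testrealm@host.com";
        String stored = md5a1("Mufasa", realm, "Circle Of Life"); // what the DB column would hold
        String md5a2 = md5Hex("GET:/dir/index.html");
        boolean ok = verify(stored, "6629fae49393a05397450978507c4ef1",
                "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b", "auth", md5a2);
        System.out.println("digest accepted: " + ok);

        // Constructed users sharing one password: a plain password digest is identical
        // for both, while md5a1 differs because the username is part of the input.
        String pwdA = "secret", pwdB = "secret";
        System.out.println("plain digests equal: " + md5Hex(pwdA).equals(md5Hex(pwdB)));
        System.out.println("md5a1 values equal: "
                + md5a1("alice", realm, pwdA).equals(md5a1("bob", realm, pwdB)));
    }
}
```

The stored md5a1 is by itself enough to answer a DIGEST challenge for that realm, so the column needs the same access protection as a password would.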
*** Bug 17908 has been marked as a duplicate of this bug. ***
*** Bug 4352 has been marked as a duplicate of this bug. ***
Fixed in CVS.