Hi,
Looking at
http://blogs.sun.com/venu/entry/implementing_custom_realms_for_digest how can one implement com.sun.enterprise.security.auth.realm.DigestRealmBase.validate() if the server only contains a hash of the user password?
The API presents me with two options. I can return:
1) PLAIN_TEXT if I have the full password (which I don't)
2) HASHED if I have hash(username + realmName + password). Again, I don't have the full password so I cannot possibly have a hash() of it. Furthermore, it isn't clear what hash() algorithm Glassfish expects so even if I had the full password what should I be using?
Please advise.
Gili
[Message sent by forum member 'cowwoc' (cowwoc)]
http://forums.java.net/jive/thread.jspa?messageID=334432