users@glassfish.java.net

Question about Digest Authentication

From: <glassfish_at_javadesktop.org>
Date: Sat, 28 Feb 2009 15:47:01 PST

Hi,

Looking at http://blogs.sun.com/venu/entry/implementing_custom_realms_for_digest how can one implement com.sun.enterprise.security.auth.realm.DigestRealmBase.validate() if the server only contains a hash of the user password?

The API presents me with two options. I can return:

1) PLAIN_TEXT if I have the full password (which I don't)
2) HASHED if I have hash(username + realmName + password). Again, I don't have the full password so I cannot possibly have a hash() of it. Furthermore, it isn't clear what hash() algorithm GlassFish expects, so even if I had the full password, what should I be using?

Please advise.

Gili
[Message sent by forum member 'cowwoc' (cowwoc)]

http://forums.java.net/jive/thread.jspa?messageID=334432