users@glassfish.java.net

Re: JDBC Realm and new Password Encryption Algorithm field

From: Laird Nelson <ljnelson_at_gmail.com>
Date: Tue, 28 Feb 2012 07:59:11 -0500

On Tue, Feb 28, 2012 at 7:29 AM, Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com> wrote:

> Sorry for the confusion. As I said this feature is for the HTTP Digest
> Authentication. And so applicable if you are using the JDBCDigestRealm.
>

Oh, OK. Now the mental model is starting to click into place. :-) It
takes me a while sometimes. :-) ("Often", some of my friends and
colleagues would say. :-))

A further question if you don't mind that might be tangential.

Am I right in saying that digest authentication as a principle can be
backed by any storage implementation? That is, I could have HTTP digest
authentication backed by a password store that was implemented by a file.
Or LDAP. Or a database. Or whatever.

But if I'm looking at things properly, it looks like out of the box
Glassfish only supports digest authentication if you use the JDBC realm
with the jdbcDigestRealm-identified login module. That is, although it
would be possible to store your hashed password in a file, and implement a
realm that does digest authentication atop that file, Glassfish does not
supply such a realm. The only realm that Glassfish supplies that does
digest authentication is the JDBC realm, and only when set up to use the
jdbcDigestRealm login module.

Is that an accurate set of statements? If so, it would explain (for me)
why a generic digest authentication parameter that has nothing to do with a
particular storage technology is being evaluated in a storage-specific
realm.

Thanks,
Laird

-- 
http://about.me/lairdnelson