Posted to users@tomcat.apache.org by Mark Leone <mi...@cox.net> on 2005/03/20 04:15:20 UTC

Re: Using RealmBase.Digest(...)

1) If you have catalina.jar in the $CATALINA_HOME/server/lib/ directory, then 
it's only going to be available to the Tomcat server internal code, not to your 
web apps. If you want it to be available to Tomcat and your web apps, then you 
should put it in the $CATALINA_HOME/common/lib/ directory. You don't need to 
copy it- you can move it there- since that will make it available to Tomcat and 
all your web apps.

2) As stated in Footnote 19 of the HTTP/1.1 spec, the IANA Character Set 
Registry (Reynolds, J. and J. Postel, Assigned Numbers 
<http://www.ietf.org/rfc/rfc1700.txt> , STD 2, RFC 1700, October 1994.) is the 
authoritative listing of charset values. However, I noticed that the API for 
setDigestEncoding() says that the "String charset" parameter can be null to 
indicate the platform default character set. I suggest you give that a try when 
invoking Digest(). Pass it a null String value for the third parameter and see 
if it works. I think that what you're trying to match is the charset the client 
browsers will use when the users attempt to authenticate to the realm. If you 
want to know what your default charset is, invoke getDigestEncoding(). Whatever 
value is returned is the charset you need all your users to use when they 
authenticate (or a charset that is compatible within the ranges of characters 
that the users will be entering). If they will be using other charsets, you 
should be able to determine what they're using from the "Content-Type" entity 
header field in the HTTP request message, and then set that charset value for 
your realm using setDigestEncoding(). The charset will be specified as a 
parameter value in the "Content-Type" field. For example,

Content-Type: text/html; charset=ISO-8859-4  

See section 14.17 of the HTTP spec; here's the link: 

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17

-Mark



J Malcolm wrote:

>I'm writing an app to create user id/pw's in a db for use by realms.  I've
>read the realm HOW-TO page.  But I have two implementation questions:
>
>1) the page says:  "To use either of the above techniques, the
>$CATALINA_HOME/server/lib/catalina.jar file will need to be on your class
>path to make the RealmBase class available."  I'm doing this in a servlet.
>The way I typically make jar files avail to servlets is to put them in the
>WEB-INF/lib dir or in the Tomcat common lib.  I don't think I should be
>making a copy of this jar or moving it around.  How do I force a jar into a
>webapp's classpath?  Is there a tag I can put in web.xml to set classpath or
>add jars?
>
>2) There are three parameters on the Digest() method.  The third parm is
>'encoding'.  What encoding should I be using?  I assume it needs to match
>whatever encoding the realm code is going to use when it compares the
>digested password.  What string do I use for this parm?
>
>Thanks.
>
>Jerry
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



Re: Using RealmBase.Digest(...)

Posted by Mark Thomas <ma...@apache.org>.
Mark Leone wrote:
<snip>
> If you want to know what 
> your default charset is, invoke getDigestEncoding(). Whatever value is 
> returned is the charset you need all your users to use when they 
> authenticate (or a charset that is compatible within the ranges of 
> characters that the users will be entering). If they will be using other 
> charsets, you should be able to determine what they're using from the 
> "Content-Type" entity header field in the HTTP request message, and then 
> set that charset value for your realm using setDigestEncoding(). The 
> charset will be specified as a parameter value in the "Content-Type" 
> field. For example,
> 
> Content-Type: text/html; charset=ISO-8859-4 
> See section 14.17 of the HTTP spec; here's the link:
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17

Be aware that I did some testing of digest authentication and passwords 
that contained UTF-8 characters (random Arabic and Japanese as far as I 
recall) and I noticed that the browsers mangled the UTF-8 passwords 
during the generation of the digest and did so in an inconsistent manner.

Mark
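
An added example, not code from this thread or from Tomcat: it calls the JDK's `MessageDigest` directly, rather than `RealmBase.Digest()`, to show how the encoding argument discussed above changes the stored digest once a password leaves the ASCII range. The class name, the sample passwords and the choice of SHA-256 are assumptions made for the illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical helper class, not part of Tomcat.
public class DigestEncodingCheck {

    // Hex digest of the password after encoding it to bytes with the given charset.
    static String digest(String password, String algorithm, Charset cs) throws Exception {
        byte[] hash = MessageDigest.getInstance(algorithm).digest(password.getBytes(cs));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    // True when every candidate charset produces the same digest, i.e. the stored
    // value does not depend on which encoding the realm or the client picks.
    static boolean encodingIndependent(String password, String algorithm,
                                       List<Charset> candidates) throws Exception {
        Set<String> digests = new HashSet<>();
        for (Charset cs : candidates) {
            digests.add(digest(password, algorithm, cs));
        }
        return digests.size() == 1;
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "SHA-256"; // assumption: any MessageDigest algorithm name works here
        List<Charset> candidates = List.of(StandardCharsets.ISO_8859_1,
                StandardCharsets.UTF_8, Charset.defaultCharset());
        // Constructed sample passwords: ASCII only, Latin-1 range, Japanese.
        String[] samples = {"s3cret-Pass", "p\u00e4ssw\u00f6rd", "\u30d1\u30b9\u30ef\u30fc\u30c9"};
        for (String pw : samples) {
            System.out.println(pw + " -> encoding-independent: "
                    + encodingIndependent(pw, algorithm, candidates));
            for (Charset cs : candidates) {
                // canEncode() is false when getBytes() would silently substitute '?',
                // which makes distinct passwords collapse to the same digest.
                System.out.println("  " + cs.name() + " encodable="
                        + cs.newEncoder().canEncode(pw) + " " + digest(pw, algorithm, cs));
            }
        }
    }
}
```

Only the ASCII-only sample digests identically under every charset; a check like `encodingIndependent()` at account creation flags passwords whose stored digest will match only if the realm and the client agree on the encoding.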
