You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by dheeraj joshi <dh...@gmail.com> on 2019/02/15 09:08:12 UTC
Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
>
> Hi Team,
>
>
>
> I am getting warning “Setting property 'digest' to 'SHA-256' did not find
> a matching property” in tomcat9-stderr.log when I use attribute "digest"
> in realms.
>
> Snip from server.xml that i am using when i get error -
>
> <Host name="localhost" appBase="webapps" unpackWARs="true"
> autoDeploy="true">
>
> <Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA-256"
> />
>
>
>
> If I remove digest="SHA-256" from line <Realm
> className="org.apache.catalina.realm.MemoryRealm" digest="SHA-256" /> and
> restart tomcat service , I don’t see this warning after it.
>
>
>
> I did search for similar error reported by other users on internet but
> couldn’t confirm whether I am doing correct configuration. Some people say
> that digest attribute is removed since Tomcat 8.5 while some suggested me
> to use CredentialHandler sub element rather than using digest.
>
>
>
>
> https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors
> ,
> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/%3c564A60FB.70400@gmail.com%3e
>
>
>
> I couldn’t find public documentation from Apache foundation confirming
> that digest should not be used with Tomcat 9 . When I check docu provided
> with Tomcat 9 I don’t see attribute named digest listed under Memory
> Based Realm section
>
>
>
>
> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm
>
>
>
>
> Can you confirm whether digest attribute can be still used in Tomcat 9 in
> realms, if yes then what should be the correct syntax to use it. If the use
> of digest is deprecated what should I be using instead?
>
>
>
> I have been using digest attribute in previous versions of Tomcat in
> realms and it used to work fine , problem is after Tomcat upgrade from
> Tomcat 6 to Tomcat 9.
>
> Regards
> Dheeraj Joshi
>
>>
Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
Posted by logo <lo...@kreuser.name>.
Hi,
Am 15.02.2019 10:08, schrieb dheeraj joshi:
>>
>> Hi Team,
>>
>>
>>
>> I am getting warning “Setting property 'digest' to 'SHA-256' did not
>> find
>> a matching property” in tomcat9-stderr.log when I use attribute
>> "digest"
>> in realms.
>>
>> Snip from server.xml that i am using when i get error -
>>
>> <Host name="localhost" appBase="webapps" unpackWARs="true"
>> autoDeploy="true">
>>
>> <Realm className="org.apache.catalina.realm.MemoryRealm"
>> digest="SHA-256"
>> />
>>
>>
>>
>> If I remove digest="SHA-256" from line <Realm
>> className="org.apache.catalina.realm.MemoryRealm" digest="SHA-256" />
>> and
>> restart tomcat service , I don’t see this warning after it.
>>
That would be expected as it is removed and there is no setter.
>>
>>
>> I did search for similar error reported by other users on internet but
>> couldn’t confirm whether I am doing correct configuration. Some people
>> say
>> that digest attribute is removed since Tomcat 8.5 while some suggested
>> me
>> to use CredentialHandler sub element rather than using digest.
>>
>>
well that IS the suggested fix.
https://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm
"This attribute is deprecated. Set the algorithm on a nested
CredentialHandler element instead."
You could probably always try the migration guide when you do a major
version upgrade https://tomcat.apache.org/migration.html
Unfortunately each version separate.
Hope this helps.
Peter
>>
>>
>> https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors
>> ,
>> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/%3c564A60FB.70400@gmail.com%3e
>>
>>
>>
>> I couldn’t find public documentation from Apache foundation
>> confirming
>> that digest should not be used with Tomcat 9 . When I check docu
>> provided
>> with Tomcat 9 I don’t see attribute named digest listed under Memory
>> Based Realm section
>>
>>
>>
>>
>> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm
>>
>>
>>
>>
>> Can you confirm whether digest attribute can be still used in Tomcat 9
>> in
>> realms, if yes then what should be the correct syntax to use it. If
>> the use
>> of digest is deprecated what should I be using instead?
>>
>>
>>
>> I have been using digest attribute in previous versions of Tomcat in
>> realms and it used to work fine , problem is after Tomcat upgrade from
>> Tomcat 6 to Tomcat 9.
>>
>> Regards
>> Dheeraj Joshi
>>
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
Posted by dheeraj joshi <dh...@gmail.com>.
Thanks Christopher and Peter, my query is answered now.
On Sat, Feb 16, 2019 at 1:54 AM Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Dheeraj,
>
> On 2/15/19 04:08, dheeraj joshi wrote:
> >> I am getting warning “Setting property 'digest' to 'SHA-256' did
> >> not find a matching property” in tomcat9-stderr.log when I use
> >> attribute "digest" in realms.
> >>
> >> Snip from server.xml that i am using when i get error -
> >>
> >> <Host name="localhost" appBase="webapps" unpackWARs="true"
> >> autoDeploy="true">
> >>
> >> <Realm className="org.apache.catalina.realm.MemoryRealm"
> >> digest="SHA-256" />
> >>
> >>
> >>
> >> If I remove digest="SHA-256" from line <Realm
> >> className="org.apache.catalina.realm.MemoryRealm"
> >> digest="SHA-256" /> and restart tomcat service , I don’t see this
> >> warning after it.
> >>
> >>
> >>
> >> I did search for similar error reported by other users on
> >> internet but couldn’t confirm whether I am doing correct
> >> configuration. Some people say that digest attribute is removed
> >> since Tomcat 8.5 while some suggested me to use CredentialHandler
> >> sub element rather than using digest.
> >>
> >>
> >>
> >>
> >> https://stackoverflow.com/questions/41325893/tomcat-form-based-authen
> tication-datasourcerealm-configuration-errors
> <https://stackoverflow.com/questions/41325893/tomcat-form-based-authentication-datasourcerealm-configuration-errors>
> >>
> >>
> ,
> >> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/
> %3c564A60FB.70400@gmail.com%3e
> >>
> >>
> >>
> >>
> >>
> I couldn’t find public documentation from Apache foundation confirming
> >> that digest should not be used with Tomcat 9 . When I check docu
> >> provided with Tomcat 9 I don’t see attribute named digest listed
> >> under Memory Based Realm section
> >>
> >>
> >>
> >>
> >> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Bas
> ed_Realm_-_org.apache.catalina.realm.MemoryRealm
> <https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Based_Realm_-_org.apache.catalina.realm.MemoryRealm>
> >>
> >>
> >>
> >>
> >>
> >>
> Can you confirm whether digest attribute can be still used in Tomcat 9 i
> n
> >> realms, if yes then what should be the correct syntax to use it.
> >> If the use of digest is deprecated what should I be using
> >> instead?
> >>
> >>
> >>
> >> I have been using digest attribute in previous versions of Tomcat
> >> in realms and it used to work fine , problem is after Tomcat
> >> upgrade from Tomcat 6 to Tomcat 9.
>
> Peter has the correct answer in another reply, but I'd like you to
> consider whether or not using SHA-256 is something you actually want
> to do.
>
> Using a plain "digest" for password-munging is really insufficient for
> password-storage these days.
>
> Please give this presentation a good read-through to see how you can
> do a LOT better for your users:
>
> http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgra
> des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
> <http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf>
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxnIAUACgkQHPApP6U8
> pFiIkw/+I/OuBZ3VIHWRaWDT1m5clG6mNQd0Rm/BKIQ/xsrHLkpJPAYGH59FdJly
> W1FTToGLcr/UENP6Mc6m95vj+95B7qx0uNuHiEN2b0GFTbwFTgJOcyOa4GXpA0sl
> opNXBY5prjHQ/hFyL0P3Zl/xUWgleO1foIjkEozZu476iHfdJj8O8XKPa9Ka4cSk
> CKf11GSfrJWxhHKDrZnIhPwAHRrHTMKH+GXEVG6QS1xmEG/plZ6mfUdCHoodTMfD
> SmAhqRmR2V22eTaYYURBRtQccUZkjeOAY1KJDQCiaOISjJ3XVBl24iul4gTzoBir
> SCEFQwEJNj1S9NKJYYPPrHYkWkr7TCBwL6UczWF7h72xFsT/JwleEcdag4yQun6M
> e8inr5FPPXMmf+updtiRt3vI4cCozLO7RQZUm1iFqvnInWTmVhfoFUZB4i/lJooI
> 3tkaY6ua2FcpmpHOtlKPeWRwXxHsGUKMu2QnK1/T7gK9VoNk/XYecu3eHbV3+we2
> ur53Gi9wc/AtW5Utyv4AVELCnRg5BQRBRRFOin+SA47hNxqq5uWYlQ3xbjxyA95c
> VRLuPeNhI9QisA07ymJUKWjHPr7MiOVmmMCdoWH6Nvl9/f4i2cCSATrW532vHE7F
> EwhTHPYEHSzJPwpdqR/be9xM56RmJIzJFHxdVbmrsAoUQ0tCH7I=
> =MMrk
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Tomcat 9_Setting property 'digest' to 'SHA-256'
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dheeraj,
On 2/15/19 04:08, dheeraj joshi wrote:
>> I am getting warning “Setting property 'digest' to 'SHA-256' did
>> not find a matching property” in tomcat9-stderr.log when I use
>> attribute "digest" in realms.
>>
>> Snip from server.xml that i am using when i get error -
>>
>> <Host name="localhost" appBase="webapps" unpackWARs="true"
>> autoDeploy="true">
>>
>> <Realm className="org.apache.catalina.realm.MemoryRealm"
>> digest="SHA-256" />
>>
>>
>>
>> If I remove digest="SHA-256" from line <Realm
>> className="org.apache.catalina.realm.MemoryRealm"
>> digest="SHA-256" /> and restart tomcat service , I don’t see this
>> warning after it.
>>
>>
>>
>> I did search for similar error reported by other users on
>> internet but couldn’t confirm whether I am doing correct
>> configuration. Some people say that digest attribute is removed
>> since Tomcat 8.5 while some suggested me to use CredentialHandler
>> sub element rather than using digest.
>>
>>
>>
>>
>> https://stackoverflow.com/questions/41325893/tomcat-form-based-authen
tication-datasourcerealm-configuration-errors
>>
>>
,
>> https://mail-archives.apache.org/mod_mbox/tomcat-dev/201511.mbox/raw/
%3c564A60FB.70400@gmail.com%3e
>>
>>
>>
>>
>>
I couldn’t find public documentation from Apache foundation confirming
>> that digest should not be used with Tomcat 9 . When I check docu
>> provided with Tomcat 9 I don’t see attribute named digest listed
>> under Memory Based Realm section
>>
>>
>>
>>
>> https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html#Memory_Bas
ed_Realm_-_org.apache.catalina.realm.MemoryRealm
>>
>>
>>
>>
>>
>>
Can you confirm whether digest attribute can be still used in Tomcat 9 i
n
>> realms, if yes then what should be the correct syntax to use it.
>> If the use of digest is deprecated what should I be using
>> instead?
>>
>>
>>
>> I have been using digest attribute in previous versions of Tomcat
>> in realms and it used to work fine , problem is after Tomcat
>> upgrade from Tomcat 6 to Tomcat 9.
Peter has the correct answer in another reply, but I'd like you to
consider whether or not using SHA-256 is something you actually want
to do.
Using a plain "digest" for password-munging is really insufficient for
password-storage these days.
Please give this presentation a good read-through to see how you can
do a LOT better for your users:
http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgra
des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxnIAUACgkQHPApP6U8
pFiIkw/+I/OuBZ3VIHWRaWDT1m5clG6mNQd0Rm/BKIQ/xsrHLkpJPAYGH59FdJly
W1FTToGLcr/UENP6Mc6m95vj+95B7qx0uNuHiEN2b0GFTbwFTgJOcyOa4GXpA0sl
opNXBY5prjHQ/hFyL0P3Zl/xUWgleO1foIjkEozZu476iHfdJj8O8XKPa9Ka4cSk
CKf11GSfrJWxhHKDrZnIhPwAHRrHTMKH+GXEVG6QS1xmEG/plZ6mfUdCHoodTMfD
SmAhqRmR2V22eTaYYURBRtQccUZkjeOAY1KJDQCiaOISjJ3XVBl24iul4gTzoBir
SCEFQwEJNj1S9NKJYYPPrHYkWkr7TCBwL6UczWF7h72xFsT/JwleEcdag4yQun6M
e8inr5FPPXMmf+updtiRt3vI4cCozLO7RQZUm1iFqvnInWTmVhfoFUZB4i/lJooI
3tkaY6ua2FcpmpHOtlKPeWRwXxHsGUKMu2QnK1/T7gK9VoNk/XYecu3eHbV3+we2
ur53Gi9wc/AtW5Utyv4AVELCnRg5BQRBRRFOin+SA47hNxqq5uWYlQ3xbjxyA95c
VRLuPeNhI9QisA07ymJUKWjHPr7MiOVmmMCdoWH6Nvl9/f4i2cCSATrW532vHE7F
EwhTHPYEHSzJPwpdqR/be9xM56RmJIzJFHxdVbmrsAoUQ0tCH7I=
=MMrk
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org