-   Linux - Server (
-   -   Tomcat 5 and DIGEST authentication (

ShadowCat8 09-01-2009 04:08 PM

[SOLVED] Tomcat 5 and DIGEST authentication
I have been searching and searching and trying to get this running, and am running out of time and hair in which to get this done. Has anyone gotten DIGEST authentication working properly in Tomcat 5?

I understand that there is a bug within IE5/IE6 in connecting to apache DIGEST login prompts, but even Firefox will not complete authentication and gives error 401 when trying to login.

JDBC Realm defined with SHA digest inside <Engine> in server.xml
DIGEST authentication with SHA algorithm defined in <login-config> of application's web.xml with <security-container> defined encompassing application pages.

Actions and Results (using Firefox):
  1. Set the SHA definition in both Realm and login-config. Try DIGEST login => Error 401.
  2. Set SHA definition in Realm, but set BASIC authentication in login-config. Try BASIC login => Server takes login information in plaintext, but digests password before sending to database. Login successful.
  3. Set BASIC authentication in Realm but SHA DIGEST in login-config. Try DIGEST login => Error 401.

Can anyone shed some light on this, please?


ShadowCat8 09-30-2009 03:14 PM


The issue I was running into is a built-in filter to Tomcat 5.5 that will block any calls to the IP address of You MUST bind your database to the actual IP address of the machine to have it seamlessly work with Tomcat 5.5.

A LONG way to go for such a simple answer! hehe

Hope this helps others, too.

All times are GMT -5. The time now is 07:23 AM.