• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentication using DIGEST

 
praveen pillai
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ranchers,
Is there anything else that needs to be done for authentication using DIGEST method.
I have a constrained resource with only Admin roles allowed to invoke GET requests. This works fine with 'BASIC' authentication method but when I change the method to DIGEST, it prohibits me to access the page throwing a HTTP 403 - Access denied.
The snippet from web.xml:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>Admin</role-name>
<role-name>Member</role-name>
<role-name>Guest</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Resource1</web-resource-name>
<url-pattern>/MyELServlet.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

</security-constraint>

Is there anything I am missing?
Please guide.
Thanks.
 
Bosun Bello
Ranch Hand
Posts: 1511
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The web.xml above is still showing BASIC though. Also not all web servers support DIGEST. Make sure you restart tghe server and that you open a new browser.
 
MI Mohammed
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In addition to what bosun has said, read your container documentation to know
how Digest is implemented.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic