• Post Reply Bookmark Topic Watch Topic
  • New Topic

Authentication using DIGEST

 
praveen pillai
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ranchers,
Is there anything else that needs to be done for authentication using DIGEST method.
I have a constrained resource with only Admin roles allowed to invoke GET requests. This works fine with 'BASIC' authentication method but when I change the method to DIGEST, it prohibits me to access the page throwing a HTTP 403 - Access denied.
The snippet from web.xml:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>Admin</role-name>
<role-name>Member</role-name>
<role-name>Guest</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Resource1</web-resource-name>
<url-pattern>/MyELServlet.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

</security-constraint>

Is there anything I am missing?
Please guide.
Thanks.
 
Bosun Bello
Ranch Hand
Posts: 1511
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The web.xml above is still showing BASIC though. Also not all web servers support DIGEST. Make sure you restart tghe server and that you open a new browser.
 
MI Mohammed
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In addition to what bosun has said, read your container documentation to know
how Digest is implemented.
 
What are you doing? You are supposed to be reading this tiny ad!
the new thread boost feature brings a LOT of attention to your favorite threads
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!