Forums Register Login

Authentication using DIGEST

+Pie Number of slices to send: Send
Hi ranchers,
Is there anything else that needs to be done for authentication using DIGEST method.
I have a constrained resource with only Admin roles allowed to invoke GET requests. This works fine with 'BASIC' authentication method but when I change the method to DIGEST, it prohibits me to access the page throwing a HTTP 403 - Access denied.
The snippet from web.xml:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>Admin</role-name>
<role-name>Member</role-name>
<role-name>Guest</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Resource1</web-resource-name>
<url-pattern>/MyELServlet.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

</security-constraint>

Is there anything I am missing?
Please guide.
Thanks.
+Pie Number of slices to send: Send
The web.xml above is still showing BASIC though. Also not all web servers support DIGEST. Make sure you restart tghe server and that you open a new browser.
+Pie Number of slices to send: Send
In addition to what bosun has said, read your container documentation to know
how Digest is implemented.
There were millions of the little blood suckers. But thanks to this tiny ad, I wasn't bitten once.
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 507 times.
Similar Threads
Authorisation related
Question on multiple security-constraint elements
Security
Security Constraints
Problem implementing Security-Constraint in tomcat 5.0.28
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 09:09:13.