Dear All, Since there are four authentication types can be used in authentication (BASIC / FORM / DIGEST / CLIENT-CERT). I can configure the BASIC authentication without problem. But when I switch to DIGEST authentication type in web.xml and then remove the <realm-name> tag within the <login-config> tag. After that, the login dialog box is popped up without problem, but fail to login even if the username and password are entered correctly, do anyone know the reason? I saw from the book said that the DIGEST method is not supported by many browsers, is it related to this fact? (But I think IE should support this, is it?) Thank you for your kind attention. Yours faithfully, Benny
you'll have to probably pre-digest the passwords. So the tomcat-users.xml file probably won't cut it, you'll have to go with a database realm. Then when you're entering passwords, you'll have to be sure they're stored in digested form.