Details
-
Feature Request
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
Documentation (Ref Guide, User Guide, etc.)
-
0
-
0%
Description
We have not supported DIGEST auth in the web tier to date because the current tomcat Realm impl required that the security store have access to the clear text password. After looking at this a bit it seems that we should be able to update our JBossSecurityMgrRealm to allow for the use of the H(A1) form of the password as described in http://www.ietf.org/rfc/rfc2617.txt as well as clear text which is the default mode of the UsernamePasswordLoginModule based module.