Glassfish JDBC Realm with Digest Authentication

 

I'm working on a Java REST project and I'm currently using a JDBC Realm with Basic authentication. I'm storing SHA-256 hashes of passwords and Basic authentication works fine. To switch to Digest authentication i changed the JAAS Context of the realm from jdbcRealm to jdbcDigestRealm and in web.xml set the auth-method to DIGEST.

This, for some reason causes the authentication only to succeed if I provide the hash itself. When set to Digest authentication it seems that Glassfish doesn't automatically hash the provided password string, then check it, as is the case with Basic authentication.

Here's my realm configuration:

  • JAAS Context: jdbcDigestRealm
  • JNDI: jdbc/restshop
  • User Table: user
  • User Name Column: username
  • Password Column: password
  • Group Table: user_role
  • Group Name Column: role_name
  • Digest Algorithm: SHA-256
  • Encoding: Hex

    • There's also the Password Encryption Algorithm field in the realm configuration and I'm not sure what the purpose of it is.

    Any help is appreciated, and if you need any other information I will provide it. Thanks.

    链接地址: http://www.djcxy.com/p/3762.html

    上一篇: 用http摘要认证扭曲信用

    下一篇: 具有摘要式身份验证的Glassfish JDBC领域