Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Digest authentication using hashed password in Jetty 6
PS sorry if I'm missing something obvious but completely new to Jetty

I'll start there and say that we are releasing Jetty 9 now so....don't run Jetty 6 :)

Aside from that, sounds like you have a plan and the approach would be to either subclass or just use the existing class as an example and build your own doing the approach you desire.

cheers,
jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx


On Mon, Apr 15, 2013 at 7:30 AM, Doyle, Alan <alan.doyle@xxxxxxxxxxx> wrote:

Hi,

In order to avoid saving passwords in the clear on the server I was hoping to save the HA1 MD5 hash and then calculate HA2 using parameters (nonce etc) retrieved from the message digest and then authenticate against the HA2 value received in the authentication response. The required values seem to be available in the credentials passed back via the realm.authenticate() call in DigestAuthenticator.authenticate if I could cast the sub class Digest to the credentials. Unfortunately Digest is a private class within DigestAuthenticator.

Does anyone know how I can access the attributes stored within the Digest class to allow me to calculate HA2.

Thanks

PS sorry if I'm missing something obvious but completely new to Jetty


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top