Digest Authentication

Digest authentication is just like basic authentication, except that digest authentication protects the password with a cryptographic hash rather than sending it in a readable form. That is, digest authentication transmits a password's hash value, not the password itself.2

Figure 9-2 illustrates digest authentication with Tomcat. Notice the difference between the dialog in Figure 9-2, which declares this web site to be secure, and the dialog in Figure 9-1, which does not.

Figure 9-2. Digest Authentication with Tomcat

Digest authentication is specified in an application's deployment descriptor, like this:

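  <web-app>
    <!-- other deployment descriptor elements omitted -->
    <login-config>
      <!-- DIGEST selects digest authentication -->
      <auth-method>DIGEST</auth-method>
      <realm-name>Digest Authentication Example</realm-name>
    </login-config>
  </web-app>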

The only difference between basic and digest authentication is the specification of the authentication method, as listed above.
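To show what "transmits a password's hash value" means on the wire, the following added example (not code from the book or from Tomcat) computes and verifies the `response` field of a digest `Authorization` header as RFC 2617 defines it for `qop=auth`. The class and method names are hypothetical, the sample credentials and nonce are the ones from the RFC 2617 example exchange, and the second nonce is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestResponseDemo {

    // Lowercase hex MD5 of a string, the hash RFC 2617 digest authentication uses.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // HA1 depends only on the credentials; a server can store it instead of the password.
    static String ha1(String user, String realm, String password) throws NoSuchAlgorithmException {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    // The value the browser places in the "response" field (qop=auth).
    static String response(String ha1, String method, String uri, String nonce,
                           String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Server side: recompute from the stored HA1 and compare without an early exit.
    static boolean verify(String storedHa1, String method, String uri, String nonce,
                          String nc, String cnonce, String received) throws NoSuchAlgorithmException {
        byte[] expected = response(storedHa1, method, uri, nonce, nc, cnonce)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Sample exchange values from the example in RFC 2617.
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String stored = ha1("Mufasa", "testrealm@host.com", "Circle Of Life");
        String sent = response(stored, "GET", "/dir/index.html", nonce, "00000001", "0a4f113b");
        System.out.println("response sent by client: " + sent);
        System.out.println("server accepts it:       "
                + verify(stored, "GET", "/dir/index.html", nonce, "00000001", "0a4f113b", sent));
        // Constructed second nonce: the same response no longer matches a new challenge.
        System.out.println("accepted on a new nonce: "
                + verify(stored, "GET", "/dir/index.html", "constructed-fresh-nonce", "00000001", "0a4f113b", sent));
    }
}
```

Only the password is protected this way: the request and response themselves still travel unencrypted, so digest authentication does not replace TLS.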

NOTE

The digest authentication example discussed in this section works with Tomcat 4.0, but not with Tomcat 3.2.1.
