JBoss.org Community Documentation

Chapter 79. Digest Authentication

79.1. Overview
79.2. Server configuration
79.2.1. Tomcat Server configuration
79.2.2. Jetty server configuration
79.2.3. JBoss server configuration
79.3. OrganizationService implementation requirements

Digest access authentication is one of the standard methods a web server can use to negotiate credentials with a web user's browser. It does not encrypt the password; instead the client sends an MD5 hash computed over the password, the realm, the request and server-supplied nonce values, so the password itself never crosses the network. This is safer than Basic access authentication, which sends the username and password in cleartext (only Base64-encoded). Digest on its own does not protect the exchange against an active attacker or against offline dictionary attacks on a captured response, so it should still be used over HTTPS.

Technically, digest authentication is an application of MD5 hashing combined with nonce values, which discourage replay of captured responses and make precomputation attacks on the hash harder. It is defined as part of the HTTP protocol (RFC 2617).

To configure your server to use DIGEST authentication, edit the server-side JAAS login module configuration file. The following sections describe this for each supported server.

To make your own org.exoplatform.services.organization.OrganizationService implementation able to use DIGEST authentication, your UserHandler implementation must also implement the org.exoplatform.services.organization.DigestAuthenticator interface, which provides a more flexible authenticate method. Because it is called from org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl, it receives org.exoplatform.services.security.Credential instances; additional information about the digest exchange is available from org.exoplatform.services.security.PasswordCredential.getPasswordContext(). This information can be used to calculate the MD5 digest from the original password and compare it with the value received from the client side. Note that this means your OrganizationService must be able to retrieve the user's original password, or at least the MD5 of username:realm:password; a store that keeps only a salted one-way hash of the password cannot verify a digest response.
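The following is an added example, not eXo Platform code, of the server-side calculation a DigestAuthenticator implementation has to perform: recompute the RFC 2617 response from the stored password (or from the stored HA1) and the parameters the client sent, then compare it with the client's response. The parameter names in the map are assumptions standing in for whatever PasswordCredential.getPasswordContext() provides; the realm, nonce and other values shown in main are the worked example from RFC 2617 section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

/**
 * Server-side verification of an RFC 2617 Digest "response" value.
 * Added example, not part of eXo Platform. The map keys (uri, nonce, qop,
 * nc, cnonce, response) are assumed names for the values a DigestAuthenticator
 * would pull from PasswordCredential.getPasswordContext().
 */
public final class DigestVerifier {

    /** Lower-case hex MD5, as required by the Digest scheme. */
    private static String md5Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] d = md.digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder(32);
            for (byte b : d) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    /**
     * HA1 = MD5(username ":" realm ":" password).
     * Storing this value instead of the plaintext password is enough to
     * verify digest responses for that realm.
     */
    public static String ha1(String username, String realm, String password) {
        return md5Hex(username + ":" + realm + ":" + password);
    }

    /**
     * Recompute the expected response from the server-side HA1 and the
     * parameters sent in the client's Authorization header, then compare
     * in constant time. Handles qop=auth and the legacy no-qop form;
     * qop=auth-int (which also hashes the request body) is rejected here.
     */
    public static boolean verify(String ha1, String method, Map<String, String> p) {
        String ha2 = md5Hex(method + ":" + p.get("uri"));
        String qop = p.get("qop");
        String expected;
        if (qop == null) {
            expected = md5Hex(ha1 + ":" + p.get("nonce") + ":" + ha2);
        } else if ("auth".equals(qop)) {
            expected = md5Hex(ha1 + ":" + p.get("nonce") + ":" + p.get("nc") + ":"
                    + p.get("cnonce") + ":" + qop + ":" + ha2);
        } else {
            return false;
        }
        byte[] got = String.valueOf(p.get("response")).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII), got);
    }

    public static void main(String[] args) {
        // Values from the worked example in RFC 2617 section 3.5.
        String ha1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life");
        Map<String, String> p = new HashMap<>();
        p.put("uri", "/dir/index.html");
        p.put("nonce", "dcd98b7102dd2f0e8b11d0f600bfb0c093");
        p.put("qop", "auth");
        p.put("nc", "00000001");
        p.put("cnonce", "0a4f113b");
        p.put("response", "6629fae49393a05397450978507c4ef1");
        System.out.println("response valid: " + verify(ha1, "GET", p));
    }
}
```

The comparison uses MessageDigest.isEqual rather than String.equals so that the check does not leak, through timing, how many leading characters of a guessed response were correct. A real implementation must also track the nonce and nc values it has issued and reject reuse, otherwise a captured Authorization header can simply be replayed.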