svn commit: r1747980 - /tomcat/trunk/webapps/docs/realm-howto.xml

Sun, 12 Jun 2016 04:31:11 -0700 

Author: fschumacher
Date: Sun Jun 12 11:30:48 2016
New Revision: 1747980

URL: http://svn.apache.org/viewvc?rev=1747980&view=rev
Log:
Mention the usage of CredentialHandlers instead of deprecated digest attribute 
in howto.

Modified:
    tomcat/trunk/webapps/docs/realm-howto.xml

Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=1747980&r1=1747979&r2=1747980&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Sun Jun 12 11:30:48 2016
@@ -168,13 +168,15 @@ authentication.</p>
 
 <p>When a standard realm authenticates by retrieving the stored
 password and comparing it with the value presented by the user, you
-can select digested passwords by specifying the <code>digest</code>
-attribute on your <code>&lt;Realm&gt;</code> element.  The value for
-this attribute must be one of the digest algorithms supported by the
-<code>java.security.MessageDigest</code> class (SHA, MD2, or MD5).
-When you select this option, the contents of the password that is
-stored in the <code>Realm</code> must be the cleartext version of the
-password, as digested by the specified algorithm.</p>
+can select digested passwords by placing a <a 
href="config/credentialhandler.html">
+<code>CredentialHandler</code></a> element inside your 
<code>&lt;Realm&gt;</code>
+element. An easy choice to support one of the algorithms SSHA, SHA or MD5
+would be the usage of the <code>MessageDigestCredentialHandler</code>.
+This element must be configured to one of the digest algorithms supported
+by the <code>java.security.MessageDigest</code> class (SSHA, SHA or MD5).
+When you select this option, the contents of the password that is stored
+in the <code>Realm</code> must be the cleartext version of the password,
+as digested by the specified algorithm.</p>
 
 <p>When the <code>authenticate()</code> method of the Realm is called, the
 (cleartext) password specified by the user is itself digested by the same



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to