On 17/10/2014 14:13, Konstantin Kolinko wrote:
> 2014-09-30 19:22 GMT+04:00 Konstantin Kolinko <knst.koli...@gmail.com>:
>> 2014-09-29 14:43 GMT+04:00 Mark Thomas <ma...@apache.org>:
>>> On 27/09/2014 15:52, Konstantin Kolinko wrote:
>> (....)
>>
>>>> 4) The current javadoc for RealmBase.main() says that algorithm (-a)
>>>> is not required and "If not specified a default of SHA-512 will be
>>>> used."
>>>>
>>>> I wonder whether that is justified.
>>>
>>> That is what is currently implemented. Happy to discuss changes but
>>> SHA-512 doesn't seem unreasonable to me.
>>
>>
>> I think there is a contradiction between -a <algorithm> and -h
>> <credential handler implementation class> keys:
>> 1)  If -h is used I think it shall default to whatever default
>> algorithm the credential handler implements.
>> 2) Custom credential handler implementations may lack setAlgorithm() method.
>>
>> I think that one of (-a, -h) is required, with no default for either.
>> The old code had no default for algorithm.

I agree with the two issues above but I have a different solution.

If neither -a nor -h is specified, SHA-512 and
MessageDigestCredentialHandler will be used.

If only -a is specified, the built-in handlers will be searched in order
(MessageDigestCredentialHandler, SecretKeyCredentialHandler) and the
first handler that supports the algorithm will be used.

If only -h is specified, no default will be used for -a. The handler may
or may not support -a and may or may not supply a sensible default.


>>> String encoding = "UTF-8";
>>
>> I think it shall use system encoding, because the value is passed on
>> the command line and is not read from file etc.

Fixed.

>> BTW,  That chapter in realm-howto in Tomcat 8 needs an update for the
>> new features of digest.sh / RealmBase.main().

Fixed.

> I think that this has to be fixed before tagging next Tomcat 8 release.

I believe I have addressed all the outstanding concerns with these
changes. Let me know if I have missed something.

Mark
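
The -a / -h defaulting rules described in the message above, as an added Java sketch (Java 16+) that is not part of the original thread and is not Tomcat's own code. The class and method names are hypothetical, and probing support through the JCA MessageDigest / SecretKeyFactory lookups, the handling of both options together, and the error when nothing matches are assumptions.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKeyFactory;

public class DigestOptionDefaults {
    // Built-in handler names as given in the message, in the stated search order.
    static final String MD_HANDLER = "MessageDigestCredentialHandler";
    static final String SK_HANDLER = "SecretKeyCredentialHandler";

    /** Resolved pair; algorithm is null when the choice is left to the handler. */
    record Choice(String handler, String algorithm) {}

    // Assumption: "supports the algorithm" is tested with a JCA provider lookup.
    static boolean digestSupports(String alg) {
        try { MessageDigest.getInstance(alg); return true; }
        catch (NoSuchAlgorithmException e) { return false; }
    }

    static boolean secretKeySupports(String alg) {
        try { SecretKeyFactory.getInstance(alg); return true; }
        catch (NoSuchAlgorithmException e) { return false; }
    }

    static Choice resolve(String a, String h) {
        // Neither option given: SHA-512 with the message digest handler.
        if (a == null && h == null) return new Choice(MD_HANDLER, "SHA-512");
        // -h given: no default is applied for -a. If -a was also given it is
        // passed through unchanged (assumption; the message does not cover it).
        if (h != null) return new Choice(h, a);
        // Only -a given: first built-in handler that supports the algorithm.
        if (digestSupports(a)) return new Choice(MD_HANDLER, a);
        if (secretKeySupports(a)) return new Choice(SK_HANDLER, a);
        // Assumption: an algorithm no built-in handler supports is an error.
        throw new IllegalArgumentException("No built-in handler supports " + a);
    }

    public static void main(String[] args) {
        // Constructed sample inputs covering each rule.
        System.out.println(resolve(null, null));
        System.out.println(resolve("SHA-256", null));
        System.out.println(resolve("PBKDF2WithHmacSHA1", null));
        System.out.println(resolve(null, "com.example.MyHandler"));
    }
}
```

The search order matters for password storage: a name such as PBKDF2WithHmacSHA1 is not a MessageDigest algorithm, so it falls through to the secret key handler, while a plain hash name stops at the first handler.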

