I'm trying to get a digest password setup for the tomcat manager application.
I've got
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" digest="MD5"/>
in my tomcat server.xml changed the manager web application's web.xml to use digest and changed the realm name to TESTING:
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>TESTING</realm-name>
</login-config>
I then used the included bat file to generate the md5 hash:
C:\tomcat6\bin>digest.bat -a MD5 tomcat:TESTING:testor
tomcat:TESTING:testor:1926e50988667dbd5deda9df02b82f28
I then have a user in tomcat-users.xml with that digested hash as a password:
<!-- testor -->
<user username="tomcat" password="1926e50988667dbd5deda9df02b82f28" roles="manager"/>
I've also modifed the 401.jsp page to use digest and TESTING as the realm name.
I start up the web app, go to http://localhost:8080/manager/html and am prompted with the standard form. Typing in tomcat as the user, and testor as the password, I hit enter only to get a 401. I of course try again and again get a 401.
I'll probably go with BASIC authentication over SSL in the end since ant can't do digest, as far as I know.
But is there anyway to do this?