[Skunkdav-dev] Questions about Digest auth.
Status: Beta
Brought to you by:
smulloni
Menu
▾
▴
[Skunkdav-dev] Questions about Digest auth.
|
From: David S. <ds...@ap...> - 2002-05-07 17:58:09
|
I have been using Brendan's modifications to DAVConnection.java to
enable Digest authentication.
I was exclusively using Digest and everything was working fine until I
started testing with Windows web folders. Most Windows setups seem to
ignore the headers requesting Digest authentication and fail
completely. It also seems to require the Basic authentication header
before the Digest if both are present. Anyone have any updated info
what is going on here?
So, in order to accommodate all clients I have the server adding both
auth headers to the 401 response
a) WWW-Authenticate: Basic realm="xxx"
b) WWW-Authenticate: Digest realm="xxx", nonce="xxxxxxx",
algorithm=MD5, domain="/", qop="auth"
But what I just discovered is that SkunkDAV seems to pick the basic
authentication and not the more secure Digest. I started trying to
understand the HTTPClient package to see if its just using the first one
it can. That is my hunch but I am looking for some advice from those
of you who are more experienced with the HTTPClient package.
One hack I thought about was making a DAVConnection instance boolean
specifying if Basic auth was to be allowed. If not allowed the
DAVConnection:getAuthorization method would return null for Basic scheme
check.
Looking for some good advice,
-dave
|