DIGEST & file realm

11 replies [Last post]
Anonymous

Is it possible to have secure REST service with DIGEST and file realm?

Regards, Tomaz

sanurmi
Offline
Joined: 2013-03-18
Points: 0

I would like to know that as well. I am implementing REST services and the client is an HTML5 client. I need to make the application secure and I tried with basic auth and FORM + JDBCRealm, but no success. What is the best way to authenticate an HTML5 REST application? Is it even possible to use basic auth + JDBCRealm in that context?

Cheers,
Sami

mgainty
Offline
Joined: 2004-05-21
Points: 0

*If* you are using Rampart security module in axis

set PasswordType to Digest in your *policy*.xml

Digest

HTH,

Martin

______________________________________________
Disclaimer and confidentiality note

This message is confidential. If you are not the intended recipient, we kindly ask that you notify us. Any unauthorized forwarding or making of a copy is prohibited. This message serves only for the exchange of information and has no legally binding effect. Because e-mails can easily be manipulated, we cannot accept any liability for the content.

> Date: Thu, 4 Apr 2013 11:13:14 +0200
> From: tomaz.majerhold@arnes.si
> To: users@glassfish.java.net
> Subject: DIGEST & file realm
>
> Is it possible to have secure REST service with DIGEST and file realm?
>
>
> Regards, Tomaz

FionaS
Offline
Joined: 2013-04-10
Points: 0

Hi,
I have tried Glassfish 3.1.2 with a RESTful application with DIGEST authentication.

I had a really simple "file" realm created with one user via the console UI.

It didn't work.

BASIC worked fine though.

I'm pretty sure my client was o.k. as I updated my "wget" to 1.14 that had a fix for
adding RFC 2617 for DIGEST authentication.

I'm fairly stumped now. I assume it is a Glassfish bug as I found some other queries that were also unanswered.

http://www.java.net/forum/topic/glassfish/glassfish/glassfish-error-sec1...

Anybody know anymore ?

thanks
Fiona

sanurmi
Offline
Joined: 2013-03-18
Points: 0

FionaS wrote:
> Hi,
> I have tried Glassfish 3.1.2 with a RESTful application with DIGEST authentication.
>
> I had a really simple "file" realm created with one user via the console UI.
>
> It didn't work.
>
> BASIC worked fine though.
>
> I'm pretty sure my client was o.k. as I updated my "wget" to 1.14 that had a fix for
> adding RFC 2617 for DIGEST authentication.
>
> I'm fairly stumped now. I assume it is a Glassfish bug as I found some other queries that were also unanswered.
>
> http://www.java.net/forum/topic/glassfish/glassfish/glassfish-error-sec1...
>
> Anybody know anymore ?
>
> thanks
> Fiona

Nice. Could you pls tell me what is wrong in my case? I got BASIC working on the server machine, but when the client is trying to use its REST service, BASIC is not working anymore. Here is the link to my question, I would really appreciate it if you have time to tell me what to do!

http://stackoverflow.com/questions/15947415/basic-authentication-in-rest...

Sami

mgainty
Offline
Joined: 2004-05-21
Points: 0

spring acegi is your implementor

http://www.javacodegeeks.com/2011/12/basic-and-digest-authentication-for...

Martin

> To: users@glassfish.java.net
> Subject: Re: RE: DIGEST & file realm
> From: forums@java.net
> Date: Sun, 14 Apr 2013 14:26:36 -0500
>
>

> FionaS wrote:
> Hi, I have tried Glassfish 3.1.2 with a RESTful application
> with DIGEST authentication. I had a really simple "file" realm created with
> one user via the console UI. It didn't work. BASIC worked fine though. I'm
> pretty sure my client was o.k. as I updated my "wget" to 1.14 that had a fix
> for adding RFC 2617 for DIGEST authentication. I'm fairly stumped now. I
> assume it is a Glassfish bug as I found some other queries that were also
> unanswered.
> http://www.java.net/forum/topic/glassfish/glassfish/glassfish-error-sec1...
> Anybody know anymore ? thanks Fiona
>
> Nice. Could you pls tell me what
> is wrong in my case? I got BASIC working on the server machine, but when the client
> is trying to use its REST service, BASIC is not working anymore. Here is the
> link to my question, I would really appreciate it if you have time to tell me what to
> do!
> http://stackoverflow.com/questions/15947415/basic-authentication-in-rest...
> Sami
>
> --
>
> [Message sent by forum member 'sanurmi']
>
> View Post: http://forums.java.net/node/896170
>
>

FionaS
Offline
Joined: 2013-04-10
Points: 0

hi Sami,
I'm afraid I'm a total newbie also.

I just did the simplest thing I could:

file realm with 1 user
BASIC authentication for the URL "/resources/*", the same as what I specify for
the jersey Servlet.

This works fine ( with a wget client)

I changed BASIC to DIGEST thinking it would just work,
but it didn't.

Fiona

FionaS
Offline
Joined: 2013-04-10
Points: 0

I gave up trying to get DIGEST & file realm to work. There weren't a lot of levers to tweak!
In the end, I tried DIGEST and a jdbc realm and this worked. Here is what I did.

    Install a mysql database with yum.
    Follow these instructions (with some changes, this blog is for FORM authentication so stop at step 4)
    Create the mysql database "realm_db" with the tables in the above blog
    Using the Glassfish console UI, I created a JDBC Connection Pool and JDBC Resource for mysql database.
    In the Pool Additional Properties, add in your mysql database properties as shown in the blog
    On the server-config, Security page, I set "Default Realm" to jdbc-realm
    IMPORTANT: When creating the JDBC security realm, use JAAS context of "jdbcDigestRealm" and JNDI of "jdbc/realm_db".
    I left these fields blank: Digest Algorithm, Encoding, Charset, Password, Encryption Algorithm etc., and I put the passwords in the mysql database in clear text.

    By the way, I used an up-to-date version of wget for testing because I read somewhere that older versions don't have proper RFC2617 DIGEST support. The version is 1.14 from Aug 12.

FionaS
Offline
Joined: 2013-04-10
Points: 0

I forgot to mention that with the mysql, you need a driver file in
$GLASSFISH_HOME/domains/domain1/lib.
The file is called mysql-connector-java-3.1.13-bin.jar

mgainty
Offline
Joined: 2004-05-21
Points: 0

Don't forget to specify jdbc realm in the container descriptor!

http://docs.oracle.com/cd/E19798-01/821-1751/ggmww/index.html

Martin

> To: users@glassfish.java.net
> Subject: Re: RE: DIGEST & file realm
> From: forums@java.net
> Date: Tue, 14 May 2013 03:58:56 -0500
>
> I forgot to mention that with the mysql, you need a driver file in
> $GLASSFISH_HOME/domains/domain1/lib. The file is called
> mysql-connector-java-3.1.13-bin.jar
>
> --
>
> [Message sent by forum member 'FionaS']
>
> View Post: http://forums.java.net/node/896170
>
>