jdbcDigestAuthentication only works when the hash is provided

Updated: 2024-10-28 13:22:53

Problem description

I started a project setting up basic authentication. I now want to switch to Digest Authentication. The problem is that the authentication is validated only if I provide the hash of the actual password, and not the actual password.

I did the following to switch from BASIC to DIGEST:

  • changed the auth-method in my web.xml to DIGEST

  • changed the JAAS context of my JDBC Realm to "jdbcDigestRealm"

  • in my db, I used to have "password" as a password, I changed it to the result of MD5(webuser:postgres:webuser) (where webuser is the login, webuser is the password, and postgres is the realm), in other words I set the password in my table to c3c2681ed07a5a2a5cb772061a8385e8.

The problem I have is that the login popup is displayed by the browser when I try to access the resource, but using "webuser" as the password doesn't work. However, using "c3c2681ed07a5a2a5cb772061a8385e8" as the password works. It looks like I'm still in BASIC authentication mode.

Any clue?

Thanks!

Recommended answer

The DIGEST auth-method is the same as HTTP Digest Authentication. It just encrypts the communication between the browser and the server. The server still has the password in plain text.

From java.boot.by/wcd-guide/ch05s03.html:

The difference between basic and digest authentication is that on the network connection between the browser and the server, the password is encrypted, even on a non-SSL connection. In the server, the password can be stored in clear text or encrypted text, which is true for all login methods and is independent of the choice that the application deployer makes.

You should set the digest-algorithm property of your JDBC Realm to MD5. After that the JDBC Realm will hash the password.
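
Added example (not part of the original question or answer, and not GlassFish code): a minimal RFC 2617 Digest check in Python showing why the stored column value is what has to be typed when the server treats that column as the cleartext password. The user, realm and column value are the ones from the question; the challenge values and helper names are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # RFC 2617 "HA1": the only place the password enters the computation.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, ch):
    # RFC 2617 response for qop=auth; ch holds the challenge/request fields.
    ha2 = md5_hex(f"{ch['method']}:{ch['uri']}")
    return md5_hex(f"{ha1_hex}:{ch['nonce']}:{ch['nc']}:{ch['cnonce']}:auth:{ha2}")

def client_answer(user, realm, typed_password, ch):
    # What the browser sends after the user types something into the popup.
    return digest_response(ha1(user, realm, typed_password), ch)

def server_accepts(column, column_is_ha1, user, realm, response, ch):
    # column_is_ha1=False: the column is taken as the cleartext password.
    # column_is_ha1=True: the column is taken as a precomputed HA1.
    expected_ha1 = column if column_is_ha1 else ha1(user, realm, column)
    return hmac.compare_digest(digest_response(expected_ha1, ch), response)

USER, REALM = "webuser", "postgres"                # from the question
COLUMN = "c3c2681ed07a5a2a5cb772061a8385e8"        # value the asker stored
CHALLENGE = {                                      # constructed sample values
    "method": "GET", "uri": "/protected/index.html",
    "nonce": "constructed-nonce-0001", "nc": "00000001",
    "cnonce": "constructed-cnonce",
}

def demo():
    typed_pw = client_answer(USER, REALM, "webuser", CHALLENGE)
    typed_hash = client_answer(USER, REALM, COLUMN, CHALLENGE)
    return {
        # Column read as cleartext: reproduces the symptom in the question.
        "cleartext_column_typed_webuser": server_accepts(COLUMN, False, USER, REALM, typed_pw, CHALLENGE),
        "cleartext_column_typed_hash": server_accepts(COLUMN, False, USER, REALM, typed_hash, CHALLENGE),
        # Column read as HA1 (computed here): the real password works.
        "ha1_column_typed_webuser": server_accepts(ha1(USER, REALM, "webuser"), True, USER, REALM, typed_pw, CHALLENGE),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The first two cases match what the asker observed; the third shows that a stored hash only helps when the server side knows the column already holds HA1.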

Published: 2023-11-13 21:32:57
Link: https://www.elefans.com/category/jswz/34/1585373.html