We have been running Tomcat 5 for a while now and we recently found a need to switch from BASIC authentication to DIGEST authentication. Well, this has left me with a few questions that were unclear in the book:
- When defining the DIGEST authentication, is it necessary to define the algorithm in both the Realm in conf/server.xml as well as the application's WEB-INF/web.xml?
- Is the positioning of the <login-config> section compared to the <security-constraint> section in the web.xml file important? (i.e. do they need to be right next to each other?)
- Can anyone please post a working web.xml config for DIGEST authentication in a Tomcat 5 server?
Thanks in advance.