I suppose that in HTTP digest authentication, the stored hashed password needs to be like "MD5(username + realm + password)".

GlassFish's JDBCRealm needs to store the password separately, so it must be cleartext.

Is that correct? Or is there a way to use a stored hashed password?

kyle
  • Can you clarify your first question with a concrete example? Concerning the GlassFish's JDBC Realm, you are wrong: it supports various digest algorithms, haven't you tried googling? – perissf Feb 23 '12 at 11:24
  • Thanks for the comment. I know GlassFish supports many hash algorithms, and I tried with BASIC authentication; it works fine. I have googled a lot and found related URLs like [link](http://stackoverflow.com/questions/7702258/jdbcdigestauthentication-only-works-when-providing-the-hash) [link](http://stackoverflow.com/questions/2109308/http-digest-authentication) [link](http://stackoverflow.com/questions/1257287/can-i-use-an-already-md5-encoded-password-in-digest-authentication) but it seems nobody has succeeded with HTTP DIGEST authentication with hashed stored passwords. – kyle Feb 23 '12 at 12:03
  • As of the recent GlassFish 3.1.2 release, use of encrypted passwords is now possible. Refer to: [link](http://www.java.net/forum/topic/glassfish/glassfish/jdbc-realm-and-new-password-encryption-algorithm-field). But now I have a new problem with dynamic user addition, because it uses GlassFish's master password as the encryption key. I don't know how to get GlassFish's master password from my application. Any ideas? – kyle Mar 08 '12 at 22:10
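
As an added example (not part of the original question or its comments, and not GlassFish code): a Python sketch of the RFC 2617 digest check, showing that a server can validate the client's response from a stored HA1 = MD5(username:realm:password), colon-separated, without keeping the cleartext password. The function names are hypothetical; the sample values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_ha1(username, realm, password):
    # Computed once, when the password is set; only this value is stored.
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, f):
    # f holds the fields parsed from the client's Authorization header.
    ha2 = md5_hex(f"{method}:{f['uri']}")
    qop = f.get("qop")
    if qop == "auth":
        return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{qop}:{ha2}")
    if qop is None:  # legacy RFC 2069 form, no qop directive
        return md5_hex(f"{ha1}:{f['nonce']}:{ha2}")
    raise ValueError("unsupported qop: " + qop)


def verify(stored_ha1, method, f):
    # Constant-time comparison of the recomputed and received digests.
    want = expected_response(stored_ha1, method, f).encode()
    return hmac.compare_digest(want, f.get("response", "").encode())


# Sample request fields taken from the RFC 2617 section 3.5 example.
RFC_FIELDS = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    realm, user, pw = "testrealm@host.com", "Mufasa", "Circle Of Life"
    print("stored HA1 verifies:", verify(compute_ha1(user, realm, pw), "GET", RFC_FIELDS))
    # A plain MD5(password) column cannot be used: it lacks username and realm.
    print("MD5(password) verifies:", verify(md5_hex(pw), "GET", RFC_FIELDS))
```

A stored HA1 is password-equivalent within its realm, so the column holding it needs the same protection a cleartext password would.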

0 Answers