HTTP digest with hashed saved password

I'm using HTTP Digest to connect to my Spring application using Spring DigestAuthenticationFilter. The application uses Tomcat 7. It works fine with plain text (in the database).

My problem: I want to store hashed passwords (with salt, if possible), and not in clear text. But if I understood correctly, HTTP Digest requires that the password be in clear text.

Is there a way to change this in Spring Security?

+8
security spring-security tomcat
1 answer

I want to store hashed passwords (with salt, if possible), and not in plain text. But if I understood well, an HTTP digest requires a password to be in clear text.

Is there a way to change this in Spring Security?

No, this cannot be changed, at least at the time of writing this. The Spring Security documentation for digest authentication reads as follows, where it is obvious that passwords should be in clear text:

Configuring UserDetailsService is necessary because DigestProcessingFilter must have direct access to the user's text password. Digest Authentication will NOT work if you use encoded passwords in your DAO.

+8
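
Added example, not part of the original question or answer and not Spring Security code: a Python sketch of the RFC 2617 digest computation (qop=auth) showing why a server that holds only a salted hash cannot recompute the response the client sends. The function names are hypothetical, the request values are the sample from RFC 2617 section 3.5, and PBKDF2 with a constructed salt stands in for whatever salted hash the database would use.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(secret: str, req: dict) -> str:
    """RFC 2617 qop=auth response, computed from whatever the caller holds as the secret."""
    ha1 = md5_hex(f"{req['username']}:{req['realm']}:{secret}")
    ha2 = md5_hex(f"{req['method']}:{req['uri']}")
    return md5_hex(f"{ha1}:{req['nonce']}:{req['nc']}:{req['cnonce']}:auth:{ha2}")

def server_accepts(stored_secret: str, req: dict) -> bool:
    """The server recomputes the response from its stored value and compares."""
    return hmac.compare_digest(digest_response(stored_secret, req), req["response"])

def salted_hash(password: str, salt: bytes) -> str:
    """Stand-in (assumption) for a salted password hash as stored in a user table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000).hex()

# Sample request values from the RFC 2617 section 3.5 example.
PASSWORD = "Circle Of Life"
REQUEST = {
    "username": "Mufasa", "realm": "testrealm@host.com", "method": "GET",
    "uri": "/dir/index.html", "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
}
# What the client sends: it knows the clear-text password.
REQUEST["response"] = digest_response(PASSWORD, REQUEST)

if __name__ == "__main__":
    print("client response:", REQUEST["response"])
    # A server holding the clear-text password reproduces the same value.
    print("clear-text store accepts:", server_accepts(PASSWORD, REQUEST))
    # A server holding only a salted hash has no input that yields the same HA1.
    stored = salted_hash(PASSWORD, b"constructed-salt")
    print("salted-hash store accepts:", server_accepts(stored, REQUEST))
```

The password enters the computation only through the MD5 of username:realm:password, so a value derived with a different hash or a salt the client never sees cannot be substituted on the server side.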