Tuesday, September 22, 2015

Digest Authentication

Although the PAW Server configuration does not include Digest Authentication by default, this authentication scheme is available and can be configured inside the paw/conf/handler.xml configuration file.

To enable Digest Authentication, add the following lines to the paw/conf/handler.xml file just after the opening <handlers> tag:

  <handler status="active">
    <name>Digest Handler</name>
    <description>Digest authentication handler.</description>
    <removable>true</removable>
    <id>authDigest</id>
    <files/>
    <params>
      <param name="authDigest.class" value="sunlabs.brazil.handler.DigestAuthHandler" />
      <param name="authDigest.prefix" value="/" />
      <param name="authDigest.realm" value="Protected" />
      <param name="authDigest.credentials" value="[PAW_HOME]/webconf/auth/digest.conf" />
    </params>
  </handler>

This configuration protects the whole web site. If you would like to protect only a single directory, change the authDigest.prefix parameter.

Now create a file called paw/webconf/auth/digest.conf with the following content:

#---------------------------------------------------------
# Digest Authentication configuration
#---------------------------------------------------------
# Format:
# username=plain password
#
# Instead of the plain password, HA1 can be used:
# md5(user:realm:pass)
#
# username=HA1
#---------------------------------------------------------
user=test

The sample user is called user, with the password test.
For security reasons, it is recommended to store the HA1 hash instead of the plain password, so that the file does not contain the password in clear text.

For the changes to take effect, restart the server.