Tomcat - Understanding CredentialHandler

Question

I need to use Container Managed Security and Authentication in my latest project. And I have a couple of queries regarding how to configure a Credential Handler.

<

Answer 1

The algorithm field of MessageDigestCredentialHandler is a string that can take any of the values described here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest

The difference between MessageDigestCredentialHandler and SecretKeyHandler is the algorithms to use, I think, SecretKeyHandler is more secure because of the javax.crypto.SecretKeyFactory.

I can't provide any sample of configuration, but when I worked with TomcatRealms implementing custom AuthorizationProviders I always configured it in META-INF/context.xml

Finally, I would like to advise you, for years I have bee working with custom AuthorizationProviders, but now I migrated all of them to Spring Security.