Closed dstenger closed 7 months ago
According to this link, the credentials should be managed by the realm, which is now the case. Here is another example in the code of Apache Tomcat: https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/UserDatabaseRealm.java Imho, the solution is fine.
Branch:
6.0
Classes to consider:
PBKDF2Realm
andUserFilesRealm
Current status is more a workaround. Relevant commits:
Mechanism shall be improved.