Improve handling of passwords of REST interface

opengeospatial / teamengine

TEAM Engine (Test, Evaluation, And Measurement Engine) is an engine for testing web services and other resources written in JAVA. It executes test scripts written in Compliance Test Language (CTL), TestNG and other languages. It is lightweight and easy to run as a command line or to setup as a service. It can be used to test any type of service or encoding. It is also the official tool used by the Open Geospatial Consortium (OGC) for compliance testing.

Apache License 2.0

45 stars 41 forks source link

Improve handling of passwords of REST interface #588

Closed dstenger closed 10 months ago

dstenger commented 1 year ago

Branch: 6.0

Classes to consider: PBKDF2Realm and UserFilesRealm

Current status is more a workaround. Relevant commits:

Mechanism shall be improved.

bpross-52n commented 10 months ago

According to this link, the credentials should be managed by the realm, which is now the case. Here is another example in the code of Apache Tomcat: https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/UserDatabaseRealm.java Imho, the solution is fine.