I have a Jboss 7.1.1 server exposing SOAP Web Services. Currently they are authenticated usin http-BASIC authentication as declared in the service class
@WebContext(authMethod = "BASIC",...)
The associated security domain config is as follows :
<security-domain name="myDomain" cache-type="...">
<authentication>
<login-module code="..." flag="sufficient" module="..."> //code extending from UsernamePasswordLoginModule
<module-option name="hashAlgorithm" value="SHA-1"/>
<module-option name="hashCharset" value="UTF-8"/>
<module-option name="ignorePasswordCase" value="false"/>
<module-option name="hashStorePassword" value="false"/>
<module-option name="hashUserPassword" value="true"/>
</login-module>
</authentication>
</security-domain>
I want to use http-DIGEST authentication method instead. Can I do something like - @WebContext(authMethod = "DIGEST",...)
, what would be the required changes in the standalone.xml ? Or any other better way that any one can suggest.
Also, I would like to know that since I am using BASIC http authentication currently then is the security domain config given above necessary or not. Since BASIC authentication is not using any hash algorithm.
Thanks