
I need to implement HTTP digest authentication for my Spring Boot application. I have tried configuring this from the Tomcat setup (How to use digest authentication in Tomcat 8.5?), but since Spring Boot doesn't generate any web.xml, I couldn't configure this. Can someone please give some advice on whether there is any alternative?

Steps Followed

1. generated SHA-256 password

    digest.bat -s 0 -a sha-256 tomcat

2. updated tomcat user file


        <role rolename="admin-gui"/>
        <user username="tomcat" password="ce066452368a3498047a43323cff46a00222945691d728747a2283273506a0a7"
              roles="manager-gui,manager,admin"></user>

3. updated tomcat conf/server.xml

    <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
            <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-256" /> 
        </Realm>
    </Realm>

4. updated tomcat conf/web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>MySecureResource</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin-gui</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>admin-gui</role-name>
    </security-role>
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>UserDatabase</realm-name>
    </login-config>
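An added example, not part of the original question: one way to express the constraint from steps 2 to 4 without a web.xml is a Spring Security filter chain using `DigestAuthenticationFilter`. It assumes `spring-boot-starter-security` with Spring Security 6 on the classpath; the class name, the password and the nonce key are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;

// Added example: class name, password and nonce key are placeholders.
@Configuration
public class DigestAuthConfig {

    @Bean
    UserDetailsService users() {
        // The digest filter recomputes MD5(username:realm:password), so it needs the
        // clear-text password (or that MD5 value with setPasswordAlreadyEncoded(true)).
        // A SHA-256 hash of the password alone, as in step 1, cannot be used here.
        return new InMemoryUserDetailsManager(
                User.withUsername("tomcat")
                        .password("REPLACE_WITH_PASSWORD")
                        .roles("admin-gui")
                        .build());
    }

    @Bean
    DigestAuthenticationEntryPoint digestEntryPoint() {
        DigestAuthenticationEntryPoint entryPoint = new DigestAuthenticationEntryPoint();
        entryPoint.setRealmName("UserDatabase");          // realm-name from step 4
        entryPoint.setKey("REPLACE_WITH_RANDOM_SECRET");  // signs the server nonces
        entryPoint.setNonceValiditySeconds(300);
        return entryPoint;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService users,
                                    DigestAuthenticationEntryPoint digestEntryPoint) throws Exception {
        // Built locally rather than as a @Bean so Spring Boot does not also
        // register it as a plain servlet filter outside the security chain.
        DigestAuthenticationFilter digestFilter = new DigestAuthenticationFilter();
        digestFilter.setUserDetailsService(users);
        digestFilter.setAuthenticationEntryPoint(digestEntryPoint);

        http.authorizeHttpRequests(auth -> auth.anyRequest().hasRole("admin-gui"))
            .exceptionHandling(ex -> ex.authenticationEntryPoint(digestEntryPoint))
            .addFilter(digestFilter);
        return http.build();
    }
}
```

Spring Security's default CSRF protection stays enabled in this configuration, so the POST requests covered by the constraint also need a CSRF token.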
