opengeospatial/teamengine

Improve handling of passwords of REST interface

Closed this issue · 1 comments

Branch: 6.0

Classes to consider: PBKDF2Realm and UserFilesRealm

Current status is more a workaround. Relevant commits:

Mechanism shall be improved.

According to this link, the credentials should be managed by the realm, which is now the case. Here is another example in the code of Apache Tomcat: https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/UserDatabaseRealm.java
Imho, the solution is fine.