tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: [tomcat]How to decrypt the DIGEST authentication?
Date Sun, 04 Nov 2007 18:28:18 GMT
zhongliang zhang wrote:
> Hi,Mark,
> I have to turn to you again.
> I encounter the problem with configuring the Digested-Password in the JDBCRealm.
> The JDBCRealm fragment of the $TOMCAT_HOME/conf/server.xml is shown as followed:
> <Realm  className="org.apache.catalina.realm.JDBCRealm"           driverName="com.mysql.jdbc.Driver"
          connectionURL="jdbc:mysql://localhost/test"           connectionName="root" connectionPassword="root"
          userTable="users" userNameCol="user_name" userCredCol="user_pass"           userRoleTable="user_roles"
roleNameCol="role_name" />
> and in the $TOMCAT_HOME/conf/web.xml,I did the following security-constraint:
> <security-constraint> <web-resource-collection>  <web-resource-name>all</web-resource-name>
 <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint>
 <role-name>customized</role-name> </auth-constraint></security-constraint><login-config>
<auth-method>DIGEST</auth-method> <realm-name>JDBCRealm</realm-name></login-config>
> it works with mysql database which is just for testing.Now in my database table users,I
insert a record: 
> user_name:zhangzhongl
> user_pass:zhangzhongl
> and in the database table,I insert a record:
> role_name:customized
> username:zhangzhongl
> So,it works before I added the digest attribute to the <Realm> element with value
"SHA" or "MD5".

OK, so far so good. DIGEST auth is working with cleartext passwords stored
in the database.

> After I added the digest attribute,
> I copied the tomcat-juli.jar from $TOMCAT_HOME/bin to $TOMCAT_HOME/lib,then start up,
Not sure why you needed to do this.

> after I entered the username zhangzhongl and clear-text password
> (Now,in the database,I stored the password with SHA encrypted form),
> it does now work,which means I can not enter the tomcat welcome page.

I assume you mean it doesn't work here. OK. The important thing is how you
generated the SHA encrypted password. To use DIGEST *and* digested
passwords you need to do:
java org.apache.catalina.realm.RealmBase -a {algorithm}

For you example, assuming a password of secret:
java org.apache.catalina.realm.RealmBase -a SHA1 zhangzhongl:JDBCRealm:secret

Note this should all be on the same line.

Full details at


> I do not know what the reason is.
> Please do me a favor.
> thanks so much!> >>
> Mark> > --------------------------------------------------------------------->
To start a new topic, e-mail:> To unsubscribe, e-mail:>
For additional commands, e-mail:> 
> _________________________________________________________________
> Connect to the next generation of MSN Messenger 

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message