tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <>
Subject RE: Password Input on Tomcat Startup
Date Fri, 08 Feb 2008 10:37:46 GMT
> From: Jan Mönnich []
> we have a very sensitive webapp that requires the input of a password
> when the tomcat server starts. We don't want to store this password
> in a file. One way we've already tested could be the use of a JDialog
> with a JPasswordField that is shown in the init() method of a servlet
> (<load-on-startup>1). Unfortunately this requires our server to run
> X11... :-(
> Is there any (hidden) way to input this password on the terminal
> tomcat was started from?

Assuming all communication is via HTTPS, an alternative goes roughly as follows:

- Pull any initialisation out of the servlet's init(), leaving just a boolean as to whether
the password's been entered or not;

- Modify the servlet to serve a please-enter-the-password page at a particular URL;

- When the user enters the password, run any init code;

- Refuse to serve any other pages until the password has been entered.

This uses Tomcat's normal interface - HTTP - to your advantage, and probably maintains security
to the level you need - you'll have to evaluate that.  Depends how much control you have over
the webapp, though.

                - Peter

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message