tomcat-users mailing list archives

Subject: how to populate database with SHA hash for DIGEST
Date: Mon, 18 Aug 2008 04:11:03 GMT

How to produce the hashed password when using auth-method DIGEST?

Everything works with cleartext passwords using the following
login-config in web.xml:


and in context.xml:

     <Realm className="org.apache.catalina.realm.JDBCRealm"  
         connectionPassword="test123" connectionURL="jdbc:mysql:// 
         userTable="UserAuth" userNameCol="username"  
         userRoleTable="UserRole" roleNameCol="role"  />

Now I want to add attribute digest="SHA" to the <Realm> above.  What  
value to insert for the password in the database? Following the Tomcat  
6 docs, I tried inserting the value produced by the following:

String credentials = username + ":" + "DIGLLOYD.COM" + ":" + password;
org.apache.catalina.realm.RealmBase.Digest( credentials, "SHA", null);


I've verified that the DB contains the hash values produced by Digest().

It isn't working; all attempts to login fail.

Help is greatly appreciated.

Lloyd Chambers

[Mac OS X 10.5.2 Intel, Tomcat 6.0.16]

On Apr 22, 2008, at 9:37 AM, Mark Thomas wrote:

>> Is the realm the <realm-name> specified in the <login-config> in  
>> web.xml? (eg "Tomcat Manager Application")
> Yes.
>> (link above) suggest "localhost:80" might be the realm, but that  
>> makes no sense to me, as this would tie it to a specific port.
> That is the default you get if you don't specify one.
>> The book I have -- "Tomcat, The Definitive Guide, 2nd Edition" is  
>> in conflict with the above documentation, making no mention of  
>> digesting with the username and realm.  The book suggests doing:
>> bin/ -a MD5 user-password
> As do the docs. This is for digested passwords with BASIC or FORM
> auth.
>> But the tomcat 6 docs referenced above suggest doing:
>> bin/ -a MD5 username:realm-name:password
> This is for digested passwords with DIGEST auth.
>> --obviously very different approaches!
> Because they have different uses.
> Mark
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:
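
Added example, not part of the original messages and not Tomcat's own code: an RFC 2617 DIGEST exchange (qop=auth) checked against a stored MD5 value and a stored SHA-1 value of the same username:realm:password string, to show why only the MD5 form can verify. The user name, password, URI, nonce and cnonce are constructed sample values; only the realm string is taken from the post, and the server is assumed to use the stored column value as HA1 unchanged.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestHa1Demo {
    // Lowercase hex digest of text under the named algorithm.
    static String hex(String algorithm, String text) throws Exception {
        byte[] raw = MessageDigest.getInstance(algorithm)
                .digest(text.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : raw) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // RFC 2617 request-digest for qop=auth, computed from a given HA1.
    static String response(String ha1, String method, String uri,
                           String nonce, String nc, String cnonce) throws Exception {
        String ha2 = hex("MD5", method + ":" + uri);
        return hex("MD5", ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; only the realm string comes from the post.
        String user = "alice", realm = "DIGLLOYD.COM", password = "s3cret";
        String method = "GET", uri = "/protected/index.html";
        String nonce = "5f2a9c0e7b1d4a33", nc = "00000001", cnonce = "0a4f113b";
        String a1 = user + ":" + realm + ":" + password;

        // What the browser sends: HA1 is derived with MD5, the RFC 2617 default.
        String fromClient = response(hex("MD5", a1), method, uri, nonce, nc, cnonce);

        // Assumption: the server uses the stored column value as HA1 unchanged.
        String storedMd5 = hex("MD5", a1);
        String storedSha = hex("SHA-1", a1);
        boolean md5Ok = response(storedMd5, method, uri, nonce, nc, cnonce).equals(fromClient);
        boolean shaOk = response(storedSha, method, uri, nonce, nc, cnonce).equals(fromClient);

        System.out.println("value to store (MD5 of user:realm:password): " + storedMd5);
        System.out.println("stored MD5 value verifies: " + md5Ok);
        System.out.println("stored SHA value verifies: " + shaOk);
    }
}
```

The realm string hashed into the stored value has to be the same realm the server announces in its challenge, because the client hashes whatever realm it is sent.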
