This week's book giveaway is in the OCAJP 8 forum.
We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line!
See this thread for details.
The moose likes JSP and the fly likes JDBCUserRealm question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "JDBCUserRealm question" Watch "JDBCUserRealm question" New topic

JDBCUserRealm question


Joined: Sep 30, 2003
Posts: 13
I am using JDBCUserRealm form based authentication to log to my system
This stores my user name and password into the database as clear text
I wish to hash digest my password in the database.
but when I try to modify my login page to reflect the changes the brower hangs.
This is what I had done so far.
a) wrote another jsp page to encrypt the password in the database
b) I tried to insert an iframe object to the login page to capture the password and encrypt it before it is sent for authentication
but this is hanging the browser, everything works fine when i remove the iframe object from the form. when I copied the login page to another name and executed it, it worked the expected way with iframe object(my guess is, when I executed the changed login page the web.xml file is referring to the old file, in another words for the application it is not the login page, so it does not mind)

my login page
<form method="POST" name = "loginForm" >
<table border="0" cellspacing="5">
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
<th align="right">Password:</th>
<td align="left"><input type="password" name="password"></td>
<td align="right"><input type="button" value="Log In" onKlick ="hashPassword()"></td>
<td align="left"><input type="reset"></td>
<input type="hidden" name="j_password" >
<iframe name="hashIt" src="getDigest.jsp" width="0" height="0" style="visibility: hidden" />
for JDBCUserRealm these are a MUST
1) username should be "j_username"
2) password should be "j_password"
3) form action should be "j_security_check"

"getDigest.jsp" page
<%@ page import=""%>
Digest digest = new Digest();
String password = request.getParameter("password");
if (password == null) {
password = digest.getDigest(password);
parent.setPassword("<%= password %>");

java scripts
function hashPassword() {
password = document.loginForm.password.value;
hashIt.location = "getDigest.jsp?password="+ password;
function setPassword(password) {
document.loginForm.j_password.value = password;
window.loginForm.action = "j_security_check";
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63348

Welcome to the Ranch aakil!
You'll find this forum a great place to seek help on JSP pages, and there aren't many rules you'll have to worry about, but one is that proper names are required. Please take a look at the JavaRanch Naming Policy and change your display name to match it. (In your case, 'kk' is not a valid last name).
JSP Forum Bartender

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63348

Now on to your question. You did not mention which servlet container you are using. I am assuming Tomcat?

Joined: Sep 30, 2003
Posts: 13
sorry about the display name thing
I am working on Jetty server
I agree. Here's the link:
subject: JDBCUserRealm question
jQuery in Action, 3rd edition