wood burning stoves 2.0*
The moose likes JSP and the fly likes JDBCUserRealm question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "JDBCUserRealm question" Watch "JDBCUserRealm question" New topic
Author

JDBCUserRealm question

aakil
Greenhorn

Joined: Sep 30, 2003
Posts: 13
I am using JDBCUserRealm form based authentication to log to my system
This stores my user name and password into the database as clear text
I wish to hash digest my password in the database.
but when I try to modify my login page to reflect the changes the brower hangs.
This is what I had done so far.
a) wrote another jsp page to encrypt the password in the database
b) I tried to insert an iframe object to the login page to capture the password and encrypt it before it is sent for authentication
but this is hanging the browser, everything works fine when i remove the iframe object from the form. when I copied the login page to another name and executed it, it worked the expected way with iframe object(my guess is, when I executed the changed login page the web.xml file is referring to the old file, in another words for the application it is not the login page, so it does not mind)

my login page
----------------
<html>
<form method="POST" name = "loginForm" >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="password"></td>
</tr>
<tr>
<td align="right"><input type="button" value="Log In" onKlick ="hashPassword()"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
<input type="hidden" name="j_password" >
</form>
<iframe name="hashIt" src="getDigest.jsp" width="0" height="0" style="visibility: hidden" />
</html>
for JDBCUserRealm these are a MUST
1) username should be "j_username"
2) password should be "j_password"
3) form action should be "j_security_check"

"getDigest.jsp" page
----------------------
<%@ page import="com.thahir.security.Digest"%>
<%
Digest digest = new Digest();
String password = request.getParameter("password");
if (password == null) {
response.sendRedirect("login.jsp");
return;
}
password = digest.getDigest(password);
%>
<script>
parent.setPassword("<%= password %>");
</script>

java scripts
---------------
function hashPassword() {
password = document.loginForm.password.value;
hashIt.location = "getDigest.jsp?password="+ password;
}
function setPassword(password) {
document.loginForm.j_password.value = password;
window.loginForm.action = "j_security_check";
window.loginForm.submit();
}
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61448
    
  67

Welcome to the Ranch aakil!
You'll find this forum a great place to seek help on JSP pages, and there aren't many rules you'll have to worry about, but one is that proper names are required. Please take a look at the JavaRanch Naming Policy and change your display name to match it. (In your case, 'kk' is not a valid last name).
Thanks!
bear
JSP Forum Bartender


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61448
    
  67

Now on to your question. You did not mention which servlet container you are using. I am assuming Tomcat?
bear
aakil
Greenhorn

Joined: Sep 30, 2003
Posts: 13
sorry about the display name thing
I am working on Jetty server
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JDBCUserRealm question