JDBCUserRealm question

 
aakil
I am using JDBCUserRealm form-based authentication to log in to my system.
This stores my user name and password in the database as clear text.
I wish to hash digest my password in the database,
but when I try to modify my login page to reflect the changes the browser hangs.
This is what I have done so far.
a) wrote another JSP page to encrypt the password in the database
b) I tried to insert an iframe object into the login page to capture the password and encrypt it before it is sent for authentication
but this is hanging the browser; everything works fine when I remove the iframe object from the form. When I copied the login page to another name and executed it, it worked the expected way with the iframe object (my guess is, when I executed the changed login page the web.xml file is referring to the old file, in other words for the application it is not the login page, so it does not mind).

my login page
----------------
<html>
<form method="POST" name = "loginForm" >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="password"></td>
</tr>
<tr>
<td align="right"><input type="button" value="Log In" onclick="hashPassword()"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
<input type="hidden" name="j_password" >
</form>
<iframe name="hashIt" src="getDigest.jsp" width="0" height="0" style="visibility: hidden" />
</html>
for JDBCUserRealm these are a MUST
1) username should be "j_username"
2) password should be "j_password"
3) form action should be "j_security_check"

"getDigest.jsp" page
----------------------
<%@ page import="com.thahir.security.Digest"%>
<%
Digest digest = new Digest();
String password = request.getParameter("password");
if (password == null) {
response.sendRedirect("login.jsp");
return;
}
password = digest.getDigest(password);
%>
<script>
parent.setPassword("<%= password %>");
</script>

java scripts
---------------
function hashPassword() {
password = document.loginForm.password.value;
hashIt.location = "getDigest.jsp?password="+ password;
}
function setPassword(password) {
document.loginForm.j_password.value = password;
window.loginForm.action = "j_security_check";
window.loginForm.submit();
}
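
An added example, not part of the original post and not Jetty code: a Node.js model of the comparison the realm ends up making under the design above (the browser submits a digest in j_password and the database holds that same digest), next to hashing on the server. The function names, the SHA-256 and PBKDF2 choices and the sample password are assumptions for the illustration; the thread does not say what Digest.getDigest computes.

```javascript
// Added illustration; every name and value below is constructed.
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");

// Model A: the flow in the post. j_password already contains a digest and the
// realm compares it with the digest stored in the user table.
function checkSubmittedDigest(storedDigest, jPassword) {
  return storedDigest === jPassword;
}

// Model B: j_password carries the password itself (sent over TLS); the server
// stores a random salt plus a PBKDF2 hash and recomputes the hash at login.
const ITERATIONS = 100000; // assumed work factor for the illustration

function enroll(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, "sha256");
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

function checkServerSide(record, jPassword) {
  const salt = Buffer.from(record.salt, "hex");
  const expected = Buffer.from(record.hash, "hex");
  const actual = crypto.pbkdf2Sync(jPassword, salt, ITERATIONS, 32, "sha256");
  return crypto.timingSafeEqual(expected, actual); // constant-time compare
}

function demo() {
  const password = "correct horse"; // constructed sample password
  const rowA = sha256(password);    // what Model A keeps in the password column
  const rowB = enroll(password);    // what Model B keeps
  return {
    // Model A: the normal login works...
    aPassword: checkSubmittedDigest(rowA, sha256(password)),
    // ...but the stored column value is itself accepted as the credential,
    // so hashing in the browser protects nothing if the table is read.
    aStoredValueAccepted: checkSubmittedDigest(rowA, rowA),
    // Model B: the password works, the stored hash alone does not.
    bPassword: checkServerSide(rowB, password),
    bStoredValueAccepted: checkServerSide(rowB, rowB.hash),
  };
}

console.log(demo());
```

In the post's flow the clear password also travels to getDigest.jsp in a GET query string, so it can end up in server access logs and browser history before it is ever hashed.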
 
Bear Bibeault
Welcome to the Ranch aakil!
You'll find this forum a great place to seek help on JSP pages, and there aren't many rules you'll have to worry about, but one is that proper names are required. Please take a look at the JavaRanch Naming Policy and change your display name to match it. (In your case, 'kk' is not a valid last name).
Thanks!
bear
JSP Forum Bartender
 
Bear Bibeault
Now on to your question. You did not mention which servlet container you are using. I am assuming Tomcat?
bear
 
aakil
Sorry about the display name thing.
I am working on a Jetty server.
 