File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes JDBCUserRealm question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "JDBCUserRealm question" Watch "JDBCUserRealm question" New topic

JDBCUserRealm question


Joined: Sep 30, 2003
Posts: 13
I am using JDBCUserRealm form based authentication to log to my system
This stores my user name and password into the database as clear text
I wish to hash digest my password in the database.
but when I try to modify my login page to reflect the changes the brower hangs.
This is what I had done so far.
a) wrote another jsp page to encrypt the password in the database
b) I tried to insert an iframe object to the login page to capture the password and encrypt it before it is sent for authentication
but this is hanging the browser, everything works fine when i remove the iframe object from the form. when I copied the login page to another name and executed it, it worked the expected way with iframe object(my guess is, when I executed the changed login page the web.xml file is referring to the old file, in another words for the application it is not the login page, so it does not mind)

my login page
<form method="POST" name = "loginForm" >
<table border="0" cellspacing="5">
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
<th align="right">Password:</th>
<td align="left"><input type="password" name="password"></td>
<td align="right"><input type="button" value="Log In" onKlick ="hashPassword()"></td>
<td align="left"><input type="reset"></td>
<input type="hidden" name="j_password" >
<iframe name="hashIt" src="getDigest.jsp" width="0" height="0" style="visibility: hidden" />
for JDBCUserRealm these are a MUST
1) username should be "j_username"
2) password should be "j_password"
3) form action should be "j_security_check"

"getDigest.jsp" page
<%@ page import=""%>
Digest digest = new Digest();
String password = request.getParameter("password");
if (password == null) {
password = digest.getDigest(password);
parent.setPassword("<%= password %>");

java scripts
function hashPassword() {
password = document.loginForm.password.value;
hashIt.location = "getDigest.jsp?password="+ password;
function setPassword(password) {
document.loginForm.j_password.value = password;
window.loginForm.action = "j_security_check";
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 60782

Welcome to the Ranch aakil!
You'll find this forum a great place to seek help on JSP pages, and there aren't many rules you'll have to worry about, but one is that proper names are required. Please take a look at the JavaRanch Naming Policy and change your display name to match it. (In your case, 'kk' is not a valid last name).
JSP Forum Bartender

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 60782

Now on to your question. You did not mention which servlet container you are using. I am assuming Tomcat?

Joined: Sep 30, 2003
Posts: 13
sorry about the display name thing
I am working on Jetty server
It is sorta covered in the JavaRanch Style Guide.
subject: JDBCUserRealm question
Similar Threads
j_security_check - How Does It Verify Information
URLConnection and form based authentication
redirect from external page to tomcat 4 with forms based authentication
how to control redirect of j_servlet_check