File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JForum and the fly likes Tomcat using same user+password Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Tomcat using same user+password" Watch "Tomcat using same user+password" New topic
Author

Tomcat using same user+password

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hey all,
I have a small app running in tomcat and I need a forum. I chose JForum and now I want the users that have access to JForum to be mapped to my Tomcat app..
I was able to configure my Tomcat to work with a mysql temp database holding username+password+role(group).

Now my problem: the userpassword is encypted and now it�s not workin anymore...

This is what I found but I don�t know how to use.....

Using digested passwords

To use digested password you need to store them digested. To achieve this, you will need to use the same digest strategies that JDBCrealm uses to store the passwords. Iinside JDBCRealm there is a static method with signature final public static String digest(String password,String algorithm). This method is provided as a tool to be used outside JDBCRealm by an application that wants to generate digested passwords readable by JDBCRealm.

The class JDBCRealm contains a main method, so it can be used as an application to generate digests and print them to stdout. Usage is:
java org.apache.tomcat.modules.aaa.RealmBase -a <algorithm> <password> [<password> ...]
where <algorithm> is a supported message digest algorithm, e.g. MD5, and <password> is a plaintext password to be digested.

Note: the jar where RealmBase class can be found is %TOMCAT_HOME%/lib/container/tomcat_modules.jar



What gigest alg is used?
THX
[originally posted on jforum.net by masjabb]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hm... but for what are you trying to use that? JForum has its own user management, as well mysql, so this tomcat configuration don't affect them.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hey,

I want to use the users(and groups) from the forum to get access to my app.

If you are a user in the forum an you are for instance member of the admin-group than you should be able to get access to my app with the same username and group(role).

I want my app to take it�s users from the mysql database that�s holds the users from the app.

[originally posted on jforum.net by masjabb]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
If you want to use the smae user database of JForum, you should authenticate against the table jforum_users, field username and user_password. The password is hashed using MD5.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
wood burning stoves
 
subject: Tomcat using same user+password
 
Similar Threads
MD5 Digest Problem in Java
JDBCRealm
Authentication/Authorization
Using MD5 in MessageDigest to encrypt a String
encrypting passwords