
Tomcat Realm DES encrypted passwords

 
Imre Tokai
Ranch Hand
Posts: 130
I want to create a project in Eclipse with Java, Tomcat and Struts.
Login needs to be done with DES encrypted passwords.

Where can I find an example for this? I'm in a hurry, and Google still doesn't help me a lot on this problem.

Any constructive hints would be useful, but a project example would be the best!


Regards
 
Ulf Dittmer
Rancher
Posts: 42967
Do you have a custom realm implementation that does this and you want to integrate it with Struts? Or are you looking for one that has these capabilities?

The common approach to storing passwords in a database is not to encrypt them, but to hash (or digest) them. That way they can't be recovered by someone who accesses the DB. It also means that it is supported by Tomcat's realms out of the box.

If for some reason you need to stick with encryption, check out JCE (which is the Java API for encryption). Some relevant links are in the http://faq.javaranch.com/java/SecurityFaq including full en-/decryption source code using DES. Note that DES is obsolete and should no longer be used; either AES or TripleDES - both of which are supported by JCE - are much better choices. But as I said above, using hashes/digests is the common way to do this.
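
An added example (not part of the thread and not code from the linked FAQ) contrasting the two storage approaches discussed above, using the JCE: a DES-encrypted password is recoverable by anyone holding the key, while a salted PBKDF2 hash can only be verified. The class name, sample password and iteration count are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class PasswordStorageDemo {   // hypothetical class name
    // Salted, iterated one-way hash (PBKDF2 from the JCE); the iteration count is an assumed value.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Login check: recompute with the stored salt and compare in constant time.
    static boolean verify(char[] attempt, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(hash(attempt, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse";   // constructed sample value

        // Reversible storage: whoever obtains the key recovers every stored password.
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        Cipher des = Cipher.getInstance("DES/ECB/PKCS5Padding");
        des.init(Cipher.ENCRYPT_MODE, key);
        byte[] storedCiphertext = des.doFinal(password.getBytes(StandardCharsets.UTF_8));
        des.init(Cipher.DECRYPT_MODE, key);
        String recovered = new String(des.doFinal(storedCiphertext), StandardCharsets.UTF_8);
        System.out.println("DES column decrypts to original: " + recovered.equals(password));

        // One-way storage: only the salt and the hash are kept; there is no decrypt step.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] storedHash = hash(password.toCharArray(), salt);
        System.out.println("right password accepted: " + verify(password.toCharArray(), salt, storedHash));
        System.out.println("wrong password accepted: " + verify("guess".toCharArray(), salt, storedHash));
    }
}
```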
 
Imre Tokai
Ranch Hand
Posts: 130
Thank you for the answer, Ulf:

So, I have a precisely defined task where I need to create and use a custom Realm class for DES encryption and decryption of passwords. Maybe it is not the best solution, but I have to do it this way...

I'm looking for similar examples developed in Eclipse.

Any more ideas?


Regards
 
Ulf Dittmer
Rancher
Posts: 42967
I'd suggest getting the source code of Tomcat and using one of its realm implementations as the basis for your own. You could extend the one that comes closest to what you're trying to do (maybe JDBCRealm or DataSourceRealm - you didn't say where passwords are stored), and add the encryption/decryption functionality to it.

There's nothing Eclipse-specific about this.
 
Imre Tokai
Ranch Hand
Posts: 130
JDBCRealm is the class that needs to be extended.
Passwords should be stored in a MySQL database.

Examples are welcome!


Regards
 