File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes Tomcat Realm DES encrypted passwords Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Tomcat Realm DES encrypted passwords" Watch "Tomcat Realm DES encrypted passwords" New topic
Author

Tomcat Realm DES encrypted passwords

Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
I want to create a project in Eclipse with Java, Tomcat and Struts.
Login needs to be done with DES encrypted passwords.

Where can I find example for this? I'm in a hurry, and Google still doesn't help me a lot on this problem.

Any constructive hints would be useful, but project example would be the best!


Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41863
    
  63
Do you have a custom realm implementation that does this and you want to integrate it with Struts? Or are you looking for one that has these capabilities?

The common approach to storing passwords in a database is not to encrypt them, but to hash (or digest) them. That way they can't be recovered by someone who accesses the DB. It also means that it is supported by Tomcat's realms out of the box.

If for some reason you need to stick with encryption, check out JCE (which is the java API for encryption). Some relevant links are in the http://faq.javaranch.com/java/SecurityFaq including full en-/decryption source code using DES. Note that DES in obsolete and should no longer be used; either AES or TripleDES -both of which are supported by JCE- are much better choices. But as I said above, using hashes/digests is the common way to do this.


Ping & DNS - my free Android networking tools app
Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
Thank you for the answer, Ulf:

So, I have a precisely defined task where I need to create and use custom Realm class for DES encryption and decryption for passwords. Maybe it is not the best solution, but i have to do it this way...

I'm looking for similar examples developed in Eclipse.

Any more ideas?


Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41863
    
  63
I'd suggest to get the source code of Tomcat and use one of its realm implementations as the basis for your own. You could extend the one that comes closest to what you're trying to do (maybe JDBCRealm or DataSourceRealm - you didn't say where passwords are stored), and add the encryption/decryption functionality to it.

There's nothing Eclipse-specific about this.
Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
JDBCRealm is the class that needs to be extended.
Passwords should be stored in MySql database.

Examples are welcome!


Regards
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat Realm DES encrypted passwords