This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Do you have a custom realm implementation that does this and you want to integrate it with Struts? Or are you looking for one that has these capabilities?
The common approach to storing passwords in a database is not to encrypt them, but to hash (or digest) them. That way they can't be recovered by someone who accesses the DB. It also means that it is supported by Tomcat's realms out of the box.
If for some reason you need to stick with encryption, check out JCE (which is the java API for encryption). Some relevant links are in the http://faq.javaranch.com/java/SecurityFaq including full en-/decryption source code using DES. Note that DES in obsolete and should no longer be used; either AES or TripleDES -both of which are supported by JCE- are much better choices. But as I said above, using hashes/digests is the common way to do this.
Joined: Jun 04, 2008
Thank you for the answer, Ulf:
So, I have a precisely defined task where I need to create and use custom Realm class for DES encryption and decryption for passwords. Maybe it is not the best solution, but i have to do it this way...
I'm looking for similar examples developed in Eclipse.
Any more ideas?
Joined: Mar 22, 2005
I'd suggest to get the source code of Tomcat and use one of its realm implementations as the basis for your own. You could extend the one that comes closest to what you're trying to do (maybe JDBCRealm or DataSourceRealm - you didn't say where passwords are stored), and add the encryption/decryption functionality to it.
There's nothing Eclipse-specific about this.
Joined: Jun 04, 2008
JDBCRealm is the class that needs to be extended. Passwords should be stored in MySql database.
Examples are welcome!
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com