Custom digest algorithm possible with extended JDBCRealm?

Jeff Hall
Greenhorn

Joined: Aug 21, 2007
Posts: 3
Hi all,

I want to tap into Tomcat's authentication features by declaring a JDBCRealm. However, I cannot use the standard MD5 digest to encrypt the user's password. What I need is the ability to intercept the user name and password entered by the user and pass that to a custom class that will yield the encrypted password (we use the Jasypt encryption framework with some custom key generation stuff...so it's not going to work out of the box with a standard JDBCRealm implementation).

So, my question is, do I extend the JDBCRealm class or what? Can someone point me in the right direction?

Thanks!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41488
    
Yes, extending JDBCRealm is the way to go. It in turn inherits setDigest and setDigestEncoding methods from RealmBase that you can use to plug in whatever digest implementation you prefer.

A while ago I wrote an article that talked about setting up Tomcat for using a custom realm; see the end of this article. It extends UserDatabaseRealm, but the overall approach is the same.
[ June 24, 2008: Message edited by: Ulf Dittmer ]

Jeff Hall
Greenhorn

Joined: Aug 21, 2007
Posts: 3
Originally posted by Ulf Dittmer:
Yes, extending JDBCRealm is the way to go. It in turn inherits setDigest and setDigestEncoding methods from RealmBase that you can use to plug in whatever digest implementation you prefer.


Thanks for pointing that out. I'm still trying to understand the Realm framework, and the sequence in which the framework methods are invoked by the Container. Are you able to clarify this for me?

For example, in what order are the authenticate(), setDigest(), setDigestEncoding(), and getPassword() methods invoked? I'm not really sure which of these I need to override.

Basically all I need to do is to intercept the cleartext password and pass it to my password encryption class. It has a checkPassword() method that will take the cleartext, and then encrypt it, and compare it to the encrypted version stored in the database.

So, I don't need my custom JDBCRealm to do any encryption, it will just delegate authentication to existing code.

In my server.xml file, I'd like to specify a custom MD5 digest name that my JDBCRealm class will check for before passing it off to my authentication class.

I hope that made sense!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41488
    
I'm not sure about the sequence of invocations, either. But the source to both classes is well documented, and you can always resort to putting some logging statements into them to find out what's being called when.

As to parameters in server.xml being passed - I'm not sure how that happens. JDBCRealm has getters and setters for the connection parameters, which makes it look to me as if Tomcat would look for setters based on the name of whatever parameters it finds. You can try an "algorithm" parameter, and add getAlgorithm/setAlgorithm methods to the class extending JDBCRealm.
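
The approach discussed above, as an added example that is not code from any poster in this thread: a JDBCRealm subclass that receives an "algorithm" attribute from server.xml through a setter and, when it matches, hands the cleartext password to an existing checkPassword() implementation. The names DelegatingJDBCRealm, PasswordChecker, checkerClass and the value "custom-jasypt" are hypothetical; it assumes a Tomcat release whose JDBCRealm implements getPassword(String) and getPrincipal(String).

```java
package example.realm; // hypothetical package name

import java.security.Principal;
import java.util.logging.Logger;
import org.apache.catalina.realm.JDBCRealm;

// server.xml (attribute names map onto the setters below; values are constructed):
//   <Realm className="example.realm.DelegatingJDBCRealm" algorithm="custom-jasypt"
//          checkerClass="example.auth.MyChecker" ...the usual JDBCRealm attributes... />
public class DelegatingJDBCRealm extends JDBCRealm {
    /** Hypothetical contract standing in for the existing password class. */
    public interface PasswordChecker {
        boolean checkPassword(String cleartext, String stored);
    }

    private static final Logger LOG = Logger.getLogger(DelegatingJDBCRealm.class.getName());
    private static final String CUSTOM = "custom-jasypt"; // constructed marker value
    private String algorithm;
    private String checkerClass;
    private PasswordChecker checker; // guarded by the synchronized authenticate()

    public void setAlgorithm(String algorithm) { this.algorithm = algorithm; }
    public void setCheckerClass(String checkerClass) { this.checkerClass = checkerClass; }

    @Override
    public synchronized Principal authenticate(String username, String credentials) {
        if (!CUSTOM.equalsIgnoreCase(algorithm)) {
            return super.authenticate(username, credentials); // stock JDBCRealm path
        }
        if (username == null || credentials == null) { return null; }
        try {
            String stored = getPassword(username); // value of the userCredCol column
            if (stored != null && checker().checkPassword(credentials, stored)) {
                return getPrincipal(username); // principal with the user's roles
            }
        } catch (ReflectiveOperationException | RuntimeException e) {
            // Fail closed, and keep the cleartext password out of the log.
            LOG.severe("Custom password check failed: " + e.getClass().getName());
        }
        return null;
    }

    private PasswordChecker checker() throws ReflectiveOperationException {
        if (checker == null) {
            checker = (PasswordChecker) Class.forName(checkerClass).getDeclaredConstructor().newInstance();
        }
        return checker;
    }
}
```

Class.forName() resolves the checker through the class loader that loaded the realm, so the checker class has to be deployed alongside the realm (for example in Tomcat's lib directory) rather than inside a web application.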
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14103
    

This is really Tomcat-specific, so I am moving this to the Tomcat forum.

