• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Custom digest algorithm possible with extended JDBCRealm?

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I want to tap into Tomcat's authentication features by declaring a JDBCRealm. However, I cannot use the standard MD5 digest to encrypt the user's password. What I need is the ability to intercept the user name and password entered by the user and pass that to a custom class that will yield the encrypted password (we use the Jasypt encryption framework with some custom key generation stuff...so it's not going to work out of the box with a standard JDBCRealm implementation).

So, my question is, do I extend the JDBCRealm class or what? Can someone point me in the right direction?

Thanks!
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, extending JDBCRealm is the way to go. It in turn inherits setDigest and setDigestEncoding methods from RealmBase that you can use to plug in whatever digest implementation you prefer.

A while ago I wrote an article that talked about setting up Tomcat for using a custom realm; see the end of this article. It extends UserDatabaseRealm, but the overall approach is the same.
[ June 24, 2008: Message edited by: Ulf Dittmer ]
 
Jeff Hall
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:
[QB]Yes, extending JDBCRealm is the way to go. It in turn inherits setDigest and setDigestEncoding methods from RealmBase that you can use to plug in whatever digest implementation you prefer.



Thanks for pointing that out. I'm still trying to understand the Realm framework, and the sequence in which the framework methods are invoked by the Container. Are you able to clarify this for me?

For example, what order are the authenticate(), setDigest(), setDigestEncoding(), and getPassword() methods invoked? I'm not really sure which of these I need to override.

Basically all I need to do is to intercept the cleartext password and pass it to my password encryption class. It has a checkPassword() method that will take the cleartext, and then encrypt it, and compare it to the encrypted version stored in the database.

So, I don't need my custom JDBCRealm to do any encryption, it will just delegate authentication to existing code.

In my server.xml file, I'd like to specify a custom MD5 digest name that my JDBCRealm class will check for before passing it off to my authentication class.

I hope that made sense!
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not sure about the sequence of invocations, either. But the source to both classes is well documented, and you can always resort to putting some logging statements into them to find out what's being called when.

As to parameters in server.xml being passed - I'm not sure how that happens. JDBCRealm has getters and setters for the connection parameters, which makes it look to me as if Tomcat would look for setters based on the name of whatever parameters it finds. You can try an "algorithm" parameter, and add getAlgorithm/setAlgorithm methods to the class extending JDBCRealm.
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is really Tomcat-specific, so I am moving this to the Tomcat forum.
 
reply
    Bookmark Topic Watch Topic
  • New Topic