Posted to users@tomcat.apache.org by amit <am...@realityinfo.com> on 2001/03/07 06:46:05 UTC

Form Based Authentication with Encryption

Hi All,

I'm using tomcat 4.0 Beta1.
I successfully tested out the form based authentication provided with tomcat.

But the main problem with it is: it uses plain text to store users, roles and passwords
in the "tomcat-users.xml" file placed in TOMCAT_HOME\conf.

Is there any plugin for Tomcat to encrypt the passwords stored in this file?
Or is there any roundabout way to do so?

Thanking you in advance.

With Regards,
-Amit
E-Mail:amitrb@indiainfo.com
Sansui Software Pvt. Ltd.,Pune

Re: Form Based Authentication with Encryption

Posted by Andrew Robson <an...@netscapeonline.co.uk>.
Hi Amit,
  I'm using 3.2 so details may vary.
What you want to do is write your own authentication module. 
Easier than it sounds. Just take a copy of the authentication module you 
are using (SimpleRealm?) to use as a base for your own code. Add in
the functionality you want, compile and include it in TOMCAT_HOME/lib/webserver.jar.
Edit server.xml to use your custom authentication module.
Also, I'd recommend you look at JDBCRealm so that you can store usernames
and passwords in a database. Quite apart from the other advantages you may 
then be able to take advantage of the db's encryption facilities (e.g. MySQL's
Password function) and save yourself the bother of writing your own.

Hope this helps
Andrew

On Wed, 07 Mar 2001, you wrote:
> 
> Hi All,
> 
> I'm using tomcat 4.0 Beta1.
> I successfully tested out the form based authentication provided with tomcat.
> 
> But the main problem with it is: it uses plain text to store users, roles and passwords
> in the "tomcat-users.xml" file placed in TOMCAT_HOME\conf.
> 
> Is there any plugin for Tomcat to encrypt the passwords stored in this file?
> Or is there any roundabout way to do so?
> 
> Thanking you in advance.
> 
> With Regards,
> -Amit
> E-Mail:amitrb@indiainfo.com
> Sansui Software Pvt. Ltd.,Pune
> 


CLASSPATH for beans same as for JSPs/Jasper?

Posted by David Wall <dw...@myEastside.com>.
I'm running Tomcat 3.2.1 on Linux and when I look at the Jasper log file it
shows a classpath for each JSP page that includes the WEB-INF/classes and
all of the jar files in WEB-INF/lib.

This is great, but it doesn't seem like that classpath is available to the
javabeans that my JSPs use.  Does that make sense?  Is the classpath only
set up for the JSPs (and if not, why does Jasper report the classpath setting
for each JSP page invoked?)?

I've found that I have to include the same JAR files in the classpath when I
start tomcat so that the beans can also find those classes.  Is that the
only way to do it, or should my beans be able to use the same classpath
shown by Jasper built from the WEB-INF contents?

David