You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Khawaja Shams <ks...@gmail.com> on 2006/05/17 22:23:56 UTC
Allowing Users to change their passwords
Hello,
We are using the jdbc realm for authentication against a MySQL
instance. The passwords are stored in an MD5 digest format within our
database. I would like to allow our users to change their passwords when
they are using the web application. Is there a clean or preferred way to
compute the MD5 digest of a password on the fly within tomcat? The java
classes within tomcat libraries that I am aware of merely print the digest
on the screen rather than returning it. I would sincerely appreciate any
help.
Regards,
Khawaja Shams
Re: Allowing Users to change their passwords
Posted by digby <li...@digby.net>.
I use the Commons Codec library
(http://jakarta.apache.org/commons/codec/). It's really simple to do
what you want, and there are examples on the site.
Digby
Khawaja Shams wrote:
> Hello,
> We are using the jdbc realm for authentication against a MySQL
> instance. The passwords are stored in an MD5 digest format within our
> database. I would like to allow our users to change their passwords when
> they are using the web application. Is there a clean or preferred way to
> compute the MD5 digest of a password on the fly within tomcat? The java
> classes within tomcat libraries that I am aware of merely print the digest
> on the screen rather than returning it. I would sincerely appreciate any
> help.
>
> Regards,
> Khawaja Shams
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [***Probable Spam***] Allowing Users to change their passwords
Posted by jo...@dancik.com.
Khawaja:
I use the following class to generate an MD5 message digest key from an
input string:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class SignatureFactory {
private static final char hexDigit[] =
{
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
'A',
'B',
'C',
'D',
'E',
'F' };
public static String generateSignature(String targetString) {
// init generated hex string
String signature = "";
try {
// instantiate message digest object
MessageDigest md =
MessageDigest.getInstance("MD5");
// generate message digest byte array for
targetString
byte[] hashBytes =
md.digest(targetString.getBytes());
// loop through byte array and generate hex string
for (int i = 0; i < hashBytes.length; i++) {
signature = signature +
hexDigit[(hashBytes[i] >> 4) & 0x0f];
signature = signature +
hexDigit[(hashBytes[i]) & 0x0f];
}
}
catch (NoSuchAlgorithmException e) {
}
return signature;
}
}
The hexDigit converts the bytes into a hex string, and I just call the
generateSignature wherever I need a key.
Hope this helps.
Thanks,
Johnny
"Khawaja Shams" <ks...@gmail.com>
05/17/2006 04:23 PM
Please respond to
"Tomcat Users List" <us...@tomcat.apache.org>
To
"Tomcat Users List" <us...@tomcat.apache.org>
cc
Subject
[***Probable Spam***] Allowing Users to change their passwords
Hello,
We are using the jdbc realm for authentication against a MySQL
instance. The passwords are stored in an MD5 digest format within our
database. I would like to allow our users to change their passwords when
they are using the web application. Is there a clean or preferred way to
compute the MD5 digest of a password on the fly within tomcat? The java
classes within tomcat libraries that I am aware of merely print the digest
on the screen rather than returning it. I would sincerely appreciate any
help.
Regards,
Khawaja Shams
Re: Allowing Users to change their passwords
Posted by jo...@dancik.com.
Khawaja:
OT - Sorry for the ""Probable Spam" in the title... Almost all of my mail
is tagged as such by my company's nice spam filter...
Thanks,
Johnny
"Khawaja Shams" <ks...@gmail.com>
05/17/2006 04:23 PM
Please respond to
"Tomcat Users List" <us...@tomcat.apache.org>
To
"Tomcat Users List" <us...@tomcat.apache.org>
cc
Subject
[***Probable Spam***] Allowing Users to change their passwords
Hello,
We are using the jdbc realm for authentication against a MySQL
instance. The passwords are stored in an MD5 digest format within our
database. I would like to allow our users to change their passwords when
they are using the web application. Is there a clean or preferred way to
compute the MD5 digest of a password on the fly within tomcat? The java
classes within tomcat libraries that I am aware of merely print the digest
on the screen rather than returning it. I would sincerely appreciate any
help.
Regards,
Khawaja Shams