You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Khawaja Shams <ks...@gmail.com> on 2006/05/17 22:23:56 UTC

Allowing Users to change their passwords

Hello,
    We are using the jdbc realm for authentication against a MySQL
instance.  The passwords are stored in an MD5 digest format within our
database.  I would like to allow our users to change their passwords when
they are using the web application.  Is there a clean or preferred way to
compute the MD5 digest of a password on the fly within tomcat? The java
classes within tomcat libraries that I am aware of merely print the digest
on the screen rather than returning it. I would sincerely appreciate any
help.

Regards,
Khawaja Shams

Re: Allowing Users to change their passwords

Posted by digby <li...@digby.net>.
I use the Commons Codec library 
(http://jakarta.apache.org/commons/codec/). It's really simple to do 
what you want, and there are examples on the site.

Digby

Khawaja Shams wrote:
> Hello,
>    We are using the jdbc realm for authentication against a MySQL
> instance.  The passwords are stored in an MD5 digest format within our
> database.  I would like to allow our users to change their passwords when
> they are using the web application.  Is there a clean or preferred way to
> compute the MD5 digest of a password on the fly within tomcat? The java
> classes within tomcat libraries that I am aware of merely print the digest
> on the screen rather than returning it. I would sincerely appreciate any
> help.
> 
> Regards,
> Khawaja Shams
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: [***Probable Spam***] Allowing Users to change their passwords

Posted by jo...@dancik.com.
Khawaja:

I use the following class to generate an MD5 message digest key from an 
input string:


import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SignatureFactory {

        private static final char hexDigit[] =
                {
                        '0',
                        '1',
                        '2',
                        '3',
                        '4',
                        '5',
                        '6',
                        '7',
                        '8',
                        '9',
                        'A',
                        'B',
                        'C',
                        'D',
                        'E',
                        'F' };

        public static String generateSignature(String targetString) {

                // init generated hex string
                String signature = "";

                try {

                        // instantiate message digest object
                        MessageDigest md = 
MessageDigest.getInstance("MD5");

                        // generate message digest byte array for 
targetString
                        byte[] hashBytes = 
md.digest(targetString.getBytes());

                        // loop through byte array and generate hex string
                        for (int i = 0; i < hashBytes.length; i++) {
                                signature = signature + 
hexDigit[(hashBytes[i] >> 4) & 0x0f];
                                signature = signature + 
hexDigit[(hashBytes[i]) & 0x0f];
                        }

                }

                catch (NoSuchAlgorithmException e) {
                }

                return signature;

        }

}


The hexDigit converts the bytes into a hex string, and I just call the 
generateSignature wherever I need a key.

Hope this helps.

Thanks,
Johnny





"Khawaja Shams" <ks...@gmail.com> 
05/17/2006 04:23 PM
Please respond to
"Tomcat Users List" <us...@tomcat.apache.org>


To
"Tomcat Users List" <us...@tomcat.apache.org>
cc

Subject
[***Probable Spam***] Allowing Users to change their passwords






Hello,
    We are using the jdbc realm for authentication against a MySQL
instance.  The passwords are stored in an MD5 digest format within our
database.  I would like to allow our users to change their passwords when
they are using the web application.  Is there a clean or preferred way to
compute the MD5 digest of a password on the fly within tomcat? The java
classes within tomcat libraries that I am aware of merely print the digest
on the screen rather than returning it. I would sincerely appreciate any
help.

Regards,
Khawaja Shams

Re: Allowing Users to change their passwords

Posted by jo...@dancik.com.
Khawaja:

OT - Sorry for the ""Probable Spam" in the title...  Almost all of my mail 
is tagged as such by my company's nice spam filter...

Thanks,
Johnny





"Khawaja Shams" <ks...@gmail.com> 
05/17/2006 04:23 PM
Please respond to
"Tomcat Users List" <us...@tomcat.apache.org>


To
"Tomcat Users List" <us...@tomcat.apache.org>
cc

Subject
[***Probable Spam***] Allowing Users to change their passwords






Hello,
    We are using the jdbc realm for authentication against a MySQL
instance.  The passwords are stored in an MD5 digest format within our
database.  I would like to allow our users to change their passwords when
they are using the web application.  Is there a clean or preferred way to
compute the MD5 digest of a password on the fly within tomcat? The java
classes within tomcat libraries that I am aware of merely print the digest
on the screen rather than returning it. I would sincerely appreciate any
help.

Regards,
Khawaja Shams