Question

We are currently using Tomcat 5.5 and would like to add a salt to our JDBCRealm authentication. I was wondering if there were any existing classes or do we need to extend JDBCRealm and write our own authentication class?

We have the following in our server.xml

<Realm className="org.apache.catalina.realm.JDBCRealm" ...more stuff… />

But it does not look like this class takes in a salt.


Solution

  1. Write your own JDBCRealmWithSalt class that extends the JDBCRealm class
  2. Overwrite the digest() method (add your salt here)
  3. Put JDBCRealmWithSalt in catalina.jar:org/apache/catalina/realm
  4. <Realm className="org.apache.catalina.realm.JDBCRealmWithSalt"...>
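
Steps 1 and 2 as an added example (not code from the answer or from Tomcat), assuming the Tomcat 5.5 RealmBase methods hasMessageDigest() and digest(String); the salt attribute and the storedValue helper are hypothetical names. Because digest() receives only the password, the salt is the same for every user; a per-user salt would also need the lookup in authenticate() changed.

```java
package org.apache.catalina.realm;

import java.security.MessageDigest;

// Added example, not Tomcat code. Assumes the Tomcat 5.5 RealmBase API
// (hasMessageDigest(), digest(String)) and a hypothetical "salt" attribute.
public class JDBCRealmWithSalt extends JDBCRealm {

    private String salt = "";

    // Bean setter so salt="..." on the <Realm> element is applied at startup.
    public void setSalt(String salt) { this.salt = (salt == null) ? "" : salt; }
    public String getSalt() { return salt; }

    // JDBCRealm compares digest(submitted password) with the stored column,
    // so prepending the salt here changes what is hashed on every login.
    protected String digest(String credentials) {
        if (!hasMessageDigest()) {
            return credentials; // no digest="..." configured: leave cleartext alone
        }
        return super.digest(salt + credentials);
    }

    // Computes the value to store in the password column for a new user.
    // Matches digest() above when the Realm sets digestEncoding="UTF-8".
    public static String storedValue(String salt, String password, String algorithm)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] hash = md.digest((salt + password).getBytes("UTF-8"));
        StringBuffer hex = new StringBuffer(hash.length * 2);
        for (int i = 0; i < hash.length; i++) {
            hex.append(Character.forDigit((hash[i] >> 4) & 0xF, 16));
            hex.append(Character.forDigit(hash[i] & 0xF, 16));
        }
        return hex.toString();
    }
}
```

Existing rows in the users table must be re-hashed with the salt before switching the Realm over, since unsalted digests will no longer match.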

Other tips

No existing classes as in built-in to the Tomcat 5.5 APIs, so you will have to use a custom one.

One example can be found at http://eneuwirt.de/2011/05/01/saltawarejdbcrealm/

As of Tomcat 8 for any shipped out-of-the-box Realm you can specify:

  • the desired algorithm
  • the encoding to be used
  • salt
  • number of iterations
  • key length

You would provide these in CATALINA_HOME/bin/digest.[bat|sh]

For more information: https://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow