Hello Chris, Thanks once again.
I can currently initialize a MessageDigestCredentialHandler object with my desired salt, iteration and algorithm parameters and then call the handler's mutate() method before inserting the password into my database. And, from a servlet, the HttpServletRequest Object's login() (for example) method works when inputting the user_name and plain text password. However, I am still struggling to create my database input ({salt}:{iterations}:{hash}) without inputting my desired parameter (iterations, saltLength, etc.) to a MessageDigestCredentialHandler, but rather by getting these parameters (or the CredentialHandler itself) from the servlet. Without being able to do this, I don't see the purpose of specifying these parameters in the nested <CredentialHandler> element within the <Realm> element of the context.xml file (these parameters are retrieved from the "storedCredential" when authenticating meaning they're not used when a method such as request.login() is performed). The way my code is now there is no purpose to specifying saltLength and iterations in the context.xml file. Thanks _ Yuval On Fri, May 22, 2015 at 8:17 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Yuval, > > On 5/22/15 9:54 AM, Yuval Schwartz wrote: > > I wasn't aware that I can look at the actual classes but I wasn't > > able to find a precompiled version of RealmBase for tomcat 8. > > You mean you didn't know you could look at the source code for Tomcat? > It's open-source software, like like everything else at the Apache > Software Foundation. Here's a link directly into the Subversion > repository for the RealmBase code: > http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catali > na/realm/RealmBase.java?view=markup > > You can also pull the whole source tree from Subversion, or download a > source distribution: > http://tomcat.apache.org/download-80.cgi#Source_Code_Distributions > > > The following is a link to the class of version 7 (which doesn't > > include the CredentialHandler code): > > http://grepcode.com/file/repository.springsource.com/org.apache.catali > na/com.springsource.org.apache.catalina/7.0.26/org/apache/catalina/realm > /RealmBase > > Looking > > > at Tomcat 7 won't help, as you said: the CredentialHandler > code is not in there. > > > When I try to view this file from my netbeans IDE (which is the > > correct version), I get the compiled version. Do you know how I can > > view the file that's not compiled? > > See above. This is the beauty of open source software :) > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJVX2SPAAoJEBzwKT+lPKRYxVAQAL4tp2cWv/xcVjEQ1BgnTAFT > tlnBrBwVxRQvUsemByZ4DzGSQmkR6LFXFc0P95BLx7XBUB9AymGAL2CQdFevg3ah > AUtwChNzu2Bfeu05fShHUNAGeJhArfxOpkYGtGX5VnD96XnyKCcTe2fME4vPm9hs > 8VqsYr9bRLx0AhVmC2HgGan60DPGIjb/ZvFagS5nZDtj3/ZlYz+kkrN51POVcFXe > EpWZi5lNBUNdeN1Dq+IbD9OqAkZJE/OjB2xdPPRGZfBeuXnzA97W2DrjCNTUpBHL > wYsSxBoWjFVXtClZrn1Tkr1E72nWtKNu7mai7nou996c3oCvIZS92ev8SOIfb512 > BduEhPYeGI4vcTOv+Vtn02TTCApFjqD+OAxWfKtkT+Moau4L63qOeEedWKs9byVp > lRKep137+ljyBDZXd9scArIs5RLShZBybkTTgyBc6v6ZJFsQiIF5Z3ow3Ox8v3u4 > w0gucKdiMEfQIorlmkCUgCUQDfzotammyaCg4O69N4dU7Okcla7Jpl1blv0YHCFf > xnHVc0wXHQwRWdS+kJOsis8ScivXU5lYOS7vsRR3ZtKOadzE1rO4INHljpdK1G1T > qySaZO0MH3k4BA3Gq1VIXpld2q7bWcEE8kaAiLl17LlBzSbGMSBik3uxl9PmF32N > jjnMtokx3RX4oi1KaAD9 > =18f6 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >