Hello Chris,
Thanks once again.
I can currently initialize a MessageDigestCredentialHandler object with my
desired salt, iteration and algorithm parameters and then call the
handler's mutate() method before inserting the password into my database.
And, from a servlet, the HttpServletRequest Object's login() (for example)
method works when inputting the user_name and plain text password.
However, I am still struggling to create my database input
({salt}:{iterations}:{hash}) without inputting my desired parameter
(iterations, saltLength, etc.) to a MessageDigestCredentialHandler, but
rather by getting these parameters (or the CredentialHandler itself) from
the servlet.
Without being able to do this, I don't see the purpose of specifying these
parameters in the nested <CredentialHandler> element within the <Realm>
element of the context.xml file (these parameters are retrieved from the
"storedCredential" when authenticating meaning they're not used when a
method such as request.login() is performed).
The way my code is now there is no purpose to specifying saltLength and
iterations in the context.xml file.
Thanks
_
Yuval
On Fri, May 22, 2015 at 8:17 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Yuval,
>
> On 5/22/15 9:54 AM, Yuval Schwartz wrote:
> > I wasn't aware that I can look at the actual classes but I wasn't
> > able to find a precompiled version of RealmBase for tomcat 8.
>
> You mean you didn't know you could look at the source code for Tomcat?
> It's open-source software, like like everything else at the Apache
> Software Foundation. Here's a link directly into the Subversion
> repository for the RealmBase code:
> http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catali
> na/realm/RealmBase.java?view=markup
>
> You can also pull the whole source tree from Subversion, or download a
> source distribution:
> http://tomcat.apache.org/download-80.cgi#Source_Code_Distributions
>
> > The following is a link to the class of version 7 (which doesn't
> > include the CredentialHandler code):
> > http://grepcode.com/file/repository.springsource.com/org.apache.catali
> na/com.springsource.org.apache.catalina/7.0.26/org/apache/catalina/realm
> /RealmBase
>
> Looking
> >
> at Tomcat 7 won't help, as you said: the CredentialHandler
> code is not in there.
>
> > When I try to view this file from my netbeans IDE (which is the
> > correct version), I get the compiled version. Do you know how I can
> > view the file that's not compiled?
>
> See above. This is the beauty of open source software :)
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJVX2SPAAoJEBzwKT+lPKRYxVAQAL4tp2cWv/xcVjEQ1BgnTAFT
> tlnBrBwVxRQvUsemByZ4DzGSQmkR6LFXFc0P95BLx7XBUB9AymGAL2CQdFevg3ah
> AUtwChNzu2Bfeu05fShHUNAGeJhArfxOpkYGtGX5VnD96XnyKCcTe2fME4vPm9hs
> 8VqsYr9bRLx0AhVmC2HgGan60DPGIjb/ZvFagS5nZDtj3/ZlYz+kkrN51POVcFXe
> EpWZi5lNBUNdeN1Dq+IbD9OqAkZJE/OjB2xdPPRGZfBeuXnzA97W2DrjCNTUpBHL
> wYsSxBoWjFVXtClZrn1Tkr1E72nWtKNu7mai7nou996c3oCvIZS92ev8SOIfb512
> BduEhPYeGI4vcTOv+Vtn02TTCApFjqD+OAxWfKtkT+Moau4L63qOeEedWKs9byVp
> lRKep137+ljyBDZXd9scArIs5RLShZBybkTTgyBc6v6ZJFsQiIF5Z3ow3Ox8v3u4
> w0gucKdiMEfQIorlmkCUgCUQDfzotammyaCg4O69N4dU7Okcla7Jpl1blv0YHCFf
> xnHVc0wXHQwRWdS+kJOsis8ScivXU5lYOS7vsRR3ZtKOadzE1rO4INHljpdK1G1T
> qySaZO0MH3k4BA3Gq1VIXpld2q7bWcEE8kaAiLl17LlBzSbGMSBik3uxl9PmF32N
> jjnMtokx3RX4oi1KaAD9
> =18f6
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
