No, you don't understand what my question was. Say I do something like this:

import java.security.SecureRandom;

String password = request.getParameter("passwd");

long salt = new SecureRandom().nextLong(); // get salt from SecureRandom

String salted = salt + password; // prepend the salt to the password

String hash = encrypt(salted); // Use some encryption like bCrypt

storeInDb(hash); // Stores it in User Table along with user-id and role

Now, when I am querying from the database using a DataSourceRealm, for
example, how do I replicate the exact hashing procedure? I can obviously
store the salt value in another column, but how can I tell the Realm or
CredentialHandler to use the salt and then hash the password? There is
obviously no salt attribute in the CredentialHandler.

So, in other words, how do I replicate the exact same hashing procedure while
retrieving the password as the one that I used when I was storing the
password in the database?

Is there a way to use the Realm to insert the user-id and password into the
database?

Because that seems like the most straightforward approach. I don't know
why there isn't an API for doing just that in Tomcat.

What good is having saltlength in CredentialHandler if it's not going to use
it to create a password?

Salts have to be specified differently and Tomcat just cannot assume the
first 20 characters (specified in the saltlength property) to be the salt.

So how can I store the credentials in the database and get them back using
the same hashing procedure?

And why hasn't the documentation included a sufficient number of examples of
this process?

No one seems to know anything about it. I am totally in the dark here.

Regards
Sreyan Chakravarty

On Mon, Aug 24, 2015 at 7:41 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Sreyan,
>
> On 8/24/15 9:24 AM, Sreyan Chakravarty wrote:
> > Okay I know how to authenticate an existing user in a Realm. But
> > how the hell do you add a new user to the Realm?
>
> That depends upon where your users are stored.
>
> > For example if a new member registers on the site, how would I add
> > that to the Realm?
>
> Put that new user into the place where your users are stored?
>
> -chris
>
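
Added example, not part of the original thread and not Tomcat's own code: Tomcat's digest-based credential handlers return the salt inside the stored string from mutate(), in the form salt$iterationCount$encodedCredential with salt and credential hex-encoded, so registration code can store that one string and the Realm's matches() recovers the salt from it. It uses PBKDF2 through SecretKeyCredentialHandler rather than the bcrypt mentioned in the message. The table and column names, parameter values and sample password are assumptions, and the handler settings must mirror the CredentialHandler element nested in the Realm.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import org.apache.catalina.CredentialHandler;
import org.apache.catalina.realm.SecretKeyCredentialHandler;

public class RegisterUser {

    // Assumed settings; they must mirror the <CredentialHandler> nested in the Realm.
    static CredentialHandler newHandler() throws java.security.NoSuchAlgorithmException {
        SecretKeyCredentialHandler h = new SecretKeyCredentialHandler();
        h.setAlgorithm("PBKDF2WithHmacSHA512");
        h.setIterations(100000);
        h.setSaltLength(16);   // bytes of random salt generated on every mutate() call
        h.setKeyLength(256);   // derived key length in bits
        return h;
    }

    // Hypothetical table and columns: whatever the DataSourceRealm's userTable,
    // userNameCol and userCredCol attributes point at.
    static void register(Connection db, CredentialHandler h, String user, String password)
            throws SQLException {
        String stored = h.mutate(password); // fresh salt, embedded in the result
        try (PreparedStatement ps = db.prepareStatement(
                "INSERT INTO users (user_name, user_pass) VALUES (?, ?)")) {
            ps.setString(1, user);
            ps.setString(2, stored);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws Exception {
        CredentialHandler h = newHandler();
        String password = "correct horse battery staple"; // constructed sample
        String stored = h.mutate(password);
        String[] parts = stored.split("\\$");              // salt $ iterations $ derived key
        System.out.println("salt hex chars: " + parts[0].length());
        System.out.println("iterations:     " + parts[1]);
        System.out.println("same password:  " + h.matches(password, stored));
        System.out.println("wrong password: " + h.matches("guess", stored));
        // A second mutate() of the same password differs because the salt differs.
        System.out.println("distinct salts: " + !stored.equals(h.mutate(password)));
    }
}
```

Compile and run main() with Tomcat's catalina.jar and its dependencies on the classpath; register() additionally needs a JDBC connection to the user database.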
