No, you don't understand what my question was. Say I do something like this:

    String password = request.getParameter("passwd");
    long salt = new SecureRandom().nextLong(); // get salt from SecureRandom
    password = salt + password;
    String hash = encrypt(password); // Use some encryption like bCrypt
    storeInDb(hash); // Stores it in User Table along with user-id and role

Now when I am querying from the database using a DataSourceRealm, for example, how do I replicate the exact hashing procedure? I can obviously store the salt value in another column, but how can I tell the Realm or CredentialHandler to use the salt and then hash the password? There is obviously no salt attribute in the CredentialHandler.

So in other words, how do I replicate the exact same hashing procedure while retrieving the password as the one I used when I was storing the password in the database?

Is there a way to use the Realm to insert the user-id and password into the database? Because that seems like the most straightforward approach. I don't know why there isn't an API for doing just that in Tomcat.

What good is having saltlength in CredentialHandler if it's not going to use it to create a password? Salts have to be specified differently, and Tomcat just cannot assume the first 20 characters (specified in the saltlength property) to be the salt.

So how can I store the credentials in the database and get them back using the same hashing procedure? And why hasn't the documentation included a sufficient number of examples of this process? No one seems to know anything about it. I am totally in the dark here.

Regards
Sreyan Chakravarty

On Mon, Aug 24, 2015 at 7:41 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Sreyan,
>
> On 8/24/15 9:24 AM, Sreyan Chakravarty wrote:
> > Okay I know how to authenticate an existing user in a Realm. But
> > how the hell do you add a new user to the Realm ?
>
> That depends upon where your users are stored.
>
> > For example if a new member registers on the site, how would I add
> > that to the Realm ?
>
> Put that new user into the place where your users are stored?
>
> -chris