-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sreyen,
On 8/31/15 12:23 PM, Sreyan Chakravarty wrote: > Christopher what I am planning to do is getting the source of an > open source sCrypt library and actually copy pasting the source > code into the ScryptCredentialHandler.java. Since I am no security > expert. > > Now this eliminates the compile time dependency but if the open > source scrypt library is updated then the Handler must be updated > accordingly. > > Is that a good design plan ? No. I wouldn't do that if I were you for a few reasons: 1. It might violate the license of the library. 2. You won't benefit from updates to the library. 3. You might break the security as you rip it out of one place and put it into another. 4. You are mingling the separation of concerns of these two pieces of code: the scrypt library should handle the crypto, and your CredentialHandler should handle and plumbing necessary for working with a Tomcat Realm. That scrypt API should be fairly easy to use, right? > Also I am confused about how to create the jar. For example I > create the project in eclipse under say a package called > test.handler, how do I write my code so that it becomes a part of > org.catalina.realm ? You don't. Just make the class org.sreyan.tomcat.realm.ScryptCredentialHandler and then bundle it in your own JAR file -- something like myscrypt.jar -- and then put that JAR file into Tomcat's lib/ directory. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV5I1xAAoJEBzwKT+lPKRY/qkP/RApau14EJJBtijnWRhGXzHu wrcFq+r/scy+QpXNV0/Z+YbZgN4kGcIGZN+EfprybW9CAyoboOzv4v5fEUXJp+I8 6nYYMEP/T3Eirc2j1lpVpWGzJV1orUnP9+/zXDnjI3YwmoIJWCfYfkeJQD58TIbx 3MzY8xwnfpZS+/RzoyoBIzdSrJ0ML2sZdbFtDWUYKNIRkvangw3S/siiQn1/a5w8 RmHRO0Haq/BEA5ONrUFWHJZO82H1eBlEs/hSeqHVdT9dAvxevKk30cEOFgzD79uc VYu8jgnLAEiuUcsdWdmWw3zCGwXSQRBtkpdYYN6ThD8g/VIEAzHFZPcM9qIF2yfU 14FhVynIm04jindAU7v3Hln7yWxBFb6OrmrjPgLbedzTEF558vHP3L7N1v3nlpzc bC4Gy7tXarGCRyFvJ7WIR3mAv+Lr2B18k9y1CaLG9SQAxOfQgKp7VEDc76Zdt5t8 z4PBUvzye/OZN73rb86tIX66L+k8/iRI6OsxGX5eYGdnMxy4Vvmaj+C6k0DRQzCF p2E5nF99OLRAiXelZZkQj4kr9oBPs8V848LjPxaTE8MCZWmsPV4K5BF/yUtKgjGh y9MdNglCfJz55c73KBNWZd0HNmq/dNs5SsdQr5rOuPnEPcUAIV41c93aE7msDq2X x5sL/nOE8QWZQNPoWYAQ =WwFr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org