RE: [tomcat]How to decrypt the DIGEST authentication?

[zhongliang zhang]

Thanks  a lot.I think I got another way to solve the group hierarchical 
problem,but I am not sure about it. maybe you can help me to confirm it:I wrote 
the SQL　as followed:create or replace view groupview asselect         
usertable.username,        
decode(usertable.locked,0,'Authorizers','UnAuthorizers') as groupnamefrom       
 usertablewhere in the usertable there is a field named locked that indicates 
whether the user is locked. so now I can allow everyone in the database to 
login to the system if the user is Authorizers,and I judge the user's role.The 
reason I do so is because there are existed API for doing all these and there 
are more than thousand users in the database,though the userid and groupid 
never be the same.Now I got another problem,the password stored in the database 
is encrypted,which is a common way,but the encrypting method is not using some 
sql script but SHA.So,How can I parse the clear-text that  I input to SHA 
password and then compare with that stored
  in the database? Is there a way that I can capture the clear-text password 
and using SHA to encode it then compare it with the password stored in the 
database?
 
thanks in advance!
> Date: Wed, 31 Oct 2007 10:51:42 +0000> From: [EMAIL PROTECTED]> To: 
> users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST 
> authentication?> > zhongliang zhang wrote:> >> But the application allows 
> creating new group,how do I solve this problem?> > What problem? You need to 
> say what the problem is if we are going to be> able to help.> > web.xml 
> doesn't support the dynamic addition of new groups. Further, the> Realm 
> doesn't understand the concept of hierarchical groups.> > > Only the member 
> of group "administrators" have access to the adminitrative page,and other 
> groups,like "groupA","groupB",... the member of which only have rights to 
> login to the common page.so in the web.xml,I configure like the following:> > 
> <security-constraint> <web-resource-collection> 
> <web-resource-name>all</web-resource-name> <url-pattern>/admin</url-pattern> 
> </web-resource-collection> <auth-constraint> 
> <role-name>Administrators</role-name> </auth-constraint> 
> </security-constraint> <s
 ecurity-constraint> <web-resource-collection> 
<web-resource-name>all</web-resource-name> <url-pattern>/common</url-pattern> 
</web-resource-collection> <auth-constraint> <role-name>??????</role-name> 
</auth-constraint> </security-constraint>> > <login-config> 
<auth-method>DIGEST</auth-method> <realm-name>JDBCRealm</realm-name> 
</login-config>> > > > How should I configure the "??????" part? and further 
more,It has a inherency relationship between groups, If "Administrators" group 
contains "groupA",then the members of "groupA" have the administrative 
privilege,too. That means a group's member can be either a group or a user.In 
the former situation,It does a tree-search to check whether a user belongs to 
the "Administrators" group,now,if I use a configuration file,how did I do this 
check?> > There is, however, a way around this. It should be OK for small (few> 
thousand groups and users) but it might not scale very well. The SQL below> is 
non-optimal but it should give you the i
 dea.> > Use <role-name>Non-Administrators</role-name> for the common area.> > 
You'll need to modify your server-side SQL some. Again, I don't have an> Oracle 
instance to test with so I am going from memory / Google. The syntax> may not 
be quite right. This assumes that your groupids are never the same> as your 
userids.> > CREATE or REPLACE VIEW vAdminGroups AS> SELECT groupid> FROM 
grouptable> START WITH groupname='Administrators'> CONNECT BY PRIOR 
userid=groupid;> > CREATE or REPLACE VIEW vAdminUsers AS> SELECT u.userid as 
userid, username, 'Administrators' as groupname> FROM usertable u, vAdminGroups 
g> WHERE u.userid = g.userid;> > CREATE or REPLACE VIEW vNonAdminUsers AS> 
SELECT username, 'NonAdministrators' as groupname> FROM usertable> WHERE userid 
NOT IN (SELECT userid from vAdminUsers);> > CREATE or REPLACE VIEW vUserRole 
AS> SELECT * FROM vAdminUsers> UNION> SELECT * FROM vNonAdminUsers;> > Hope 
this helps.> > Mark> > > ----------------------------------------------
 -----------------------> To start a new topic, e-mail: 
users@tomcat.apache.org> To unsubscribe, e-mail: [EMAIL PROTECTED]> For 
additional commands, e-mail: [EMAIL PROTECTED]> 
_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. 
It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us