Is there existing support in tomcat for a JDBCRealm that takes in a salt?

2018-06-18 18:35:34

We are currently using tomcat 5.5 and would like to add a salt to our JDBCRealm authentication. I was wondering if there was any existing classes or do we need to extend JDBCRealm and write our own authentication class?

We have the following in our server.xml

<Realm className="org.apache.catalina.realm.JDBCRealm" ...more stuff… />

But it does not look like this class takes in a salt.

Write your own JDBCRealmWithSalt class that extends JDBCRealm class

Overwrite digest() method (add your salt here)

Put JDBCRealmWithSalt in catalina.jar:org/apache/catalina/realm

<Realm className="org.apache.catalina.realm.JDBCRealmWithSalt"...>

No existing classes as in built-in to the Tomcat 5.5 APIs, so you will have to use a custom one.

One example can be found at http://eneuwirt.de/2011/05/01/saltawarejdbcrealm/

As of Tomcat 8 for any shipped out-of-the-box Realm you can specify:

the desired algorithm

the encoding to be used

salt

number of iterations

key length

You would provide these in CATALINA_HOME/bin/digest.[bat|sh]

For more information: https://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html

链接地址: http://www.djcxy.com/p/52918.html

上一篇: 调试可视化器在预览中使用成员方法/函数调用？

下一篇: 在一个JDBCRealm中有一个接受盐的支持吗？