Is there tomcat support for JDBCRealm that accepts salt?

Question

Is there tomcat support for JDBCRealm that accepts salt?

We are currently using tomcat 5.5 and would like to add salt to our JDBCRealm authentication. I was wondering if any existing classes exist or do we need to extend JDBCRealm and write our own authentication class?

Our server.xml server has

<Realm className="org.apache.catalina.realm.JDBCRealm" ...more stuff… />

But it does not look like this class accepts salt.

+7

security tomcat jdbcrealm

Ben Jun 08 '11 at 13:04

source share

3 answers

There are no existing classes built in to the Tomcat 5.5 API, so you have to use a custom one.

One example can be found at http://eneuwirt.de/2011/05/01/saltawarejdbcrealm/

+1

rbeede Jan 24 '12 at 2:53

source share

Like Tomcat 8 for any shipped kingdom, you can specify:

desired algorithm
used encoding
salt
number of iterations
key length

You would provide them at CATALINA_HOME/bin/digest.[bat|sh]

For more information: https://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html

0

vasigorc Aug 14 '16 at 11:39

source share

flacro · Accepted Answer · 2012-02-28T08:57:44+0000

Write your own JDBCRealmWithSalt class that extends the JDBCRealm class
Overwrite digest() method (add salt here)
Put JDBCRealmWithSalt in catalina.jar:org/apache/catalina/realm
<Realm className="org.apache.catalina.realm.JDBCRealmWithSalt"...>

Is there tomcat support for JDBCRealm that accepts salt?

More articles: