
We are currently using Tomcat 5.5 and would like to add a salt to our JDBCRealm authentication. I was wondering if there were any existing classes, or do we need to extend JDBCRealm and write our own authentication class?

We have the following in our server.xml:

```xml
<Realm className="org.apache.catalina.realm.JDBCRealm" ...more stuff… />
```

But it does not look like this class takes in a salt.

nos
Ben

3 Answers

  1. Write your own `JDBCRealmWithSalt` class that extends the `JDBCRealm` class
  2. Overwrite the `digest()` method (add your salt here)
  3. Put `JDBCRealmWithSalt` in `catalina.jar:org/apache/catalina/realm`
  4. `<Realm className="org.apache.catalina.realm.JDBCRealmWithSalt"...>`
Mark Ursino
flacro

There are no existing classes built in to the Tomcat 5.5 APIs, so you will have to use a custom one.

One example can be found at http://eneuwirt.de/2011/05/01/saltawarejdbcrealm/

rbeede
  • Tomcat 7 may have something out of the box as per http://stackoverflow.com/questions/8053552/tomcat-7-11-jdbcrealm-and-userdatabaserealm-dont-work-together – rbeede Jan 24 '12 at 02:53
  • Sadly, eneuwirt.de is gone now. – Jere Käpyaho Mar 07 '14 at 06:44
  • But the code [lives on](https://github.com/eneuwirt/fbs/blob/master/fbs-security/src/main/java/com/fbs/security/shiro/realm/SaltAwareJdbcRealm.java). – Stijn de Witt Mar 27 '15 at 09:09

As of Tomcat 8 for any shipped out-of-the-box Realm you can specify:

  • the desired algorithm
  • the encoding to be used
  • salt
  • number of iterations
  • key length

You would provide these in CATALINA_HOME/bin/digest.[bat|sh]

For more information: https://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html

vasigorc