Over a million developers have joined DZone.

Quick tip: Tomcat user realm digested passwords

DZone's Guide to

Quick tip: Tomcat user realm digested passwords

· Java Zone ·
Free Resource

Verify, standardize, and correct the Big 4 + more– name, email, phone and global addresses – try our Data Quality APIs now at Melissa Developer Portal!

Most Tomcat packages include a script ($TOMCAT_HOME/bin/digest.sh or .bat for Windows) that can be used to create a one-way digest of a password. I use this, in conjunction with file permissions, to protect the Tomcat manager password in $TOMCAT_HOME/conf/tomcat-users.xml from prying eyes.

1. To use SHA, update $TOMCAT_HOME/conf/server.xml so that:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"


<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             digest="SHA" resourceName="UserDatabase"/>

2. Then create your digest by running (replacing credentials with the password you want to digest):

$TOMCAT_HOME/bin/digest -a SHA credentials

This will output the plaintext and then the digested form of the credentials separated by a colon – e.g. for ‘foo’:


3. Take the second part and place this into the password attribute of the user element in tomcat-users.xml – e.g.:

  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin"

4. Restart Tomcat for it to take effect.


From http://leanjavaengineering.wordpress.com/2011/02/04/tomcat-digested-passwords/

Developers! Quickly and easily gain access to the tools and information you need! Explore, test and combine our data quality APIs at Melissa Developer Portal – home to tools that save time and boost revenue. 


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}