Quick tip: Tomcat user realm digested passwords
Quick tip: Tomcat user realm digested passwords
Join the DZone community and get the full member experience.
Join For FreeHow do you break a Monolith into Microservices at Scale? This ebook shows strategies and techniques for building scalable and resilient microservices.
Most Tomcat packages include a script ($TOMCAT_HOME/bin/digest.sh or .bat for Windows) that can be used to create a one-way digest of a password. I use this, in conjunction with file permissions, to protect the Tomcat manager password in $TOMCAT_HOME/conf/tomcat-users.xml from prying eyes.
1. To use SHA, update $TOMCAT_HOME/conf/server.xml so that:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
reads
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
digest="SHA" resourceName="UserDatabase"/>
2. Then create your digest by running (replacing credentials with the password you want to digest):
$TOMCAT_HOME/bin/digest -a SHA credentials
This will output the plaintext and then the digested form of the credentials separated by a colon – e.g. for ‘foo’:
foo:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33
3. Take the second part and place this into the password attribute of the user element in tomcat-users.xml – e.g.:
<tomcat-users> <role rolename="manager"/> <role rolename="admin"/> <user username="admin" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="admin,manager"/> </tomcat-users>
4. Restart Tomcat for it to take effect.
From http://leanjavaengineering.wordpress.com/2011/02/04/tomcat-digested-passwords/
How do you break a Monolith into Microservices at Scale? This ebook shows strategies and techniques for building scalable and resilient microservices.
Like This Article? Read More From DZone
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}