Quick tip: Tomcat user realm digested passwords
Quick tip: Tomcat user realm digested passwords
Join the DZone community and get the full member experience.
Join For FreeAtomist automates your software deliver experience. It's how modern teams deliver modern software.
Most Tomcat packages include a script ($TOMCAT_HOME/bin/digest.sh or .bat for Windows) that can be used to create a one-way digest of a password. I use this, in conjunction with file permissions, to protect the Tomcat manager password in $TOMCAT_HOME/conf/tomcat-users.xml from prying eyes.
1. To use SHA, update $TOMCAT_HOME/conf/server.xml so that:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
reads
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
digest="SHA" resourceName="UserDatabase"/>
2. Then create your digest by running (replacing credentials with the password you want to digest):
$TOMCAT_HOME/bin/digest -a SHA credentials
This will output the plaintext and then the digested form of the credentials separated by a colon – e.g. for ‘foo’:
foo:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33
3. Take the second part and place this into the password attribute of the user element in tomcat-users.xml – e.g.:
<tomcat-users> <role rolename="manager"/> <role rolename="admin"/> <user username="admin" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="admin,manager"/> </tomcat-users>
4. Restart Tomcat for it to take effect.
From http://leanjavaengineering.wordpress.com/2011/02/04/tomcat-digested-passwords/
Get the open source Atomist Software Delivery Machine and start automating your delivery right there on your own laptop, today!
Like This Article? Read More From DZone
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}