How do I use MD5 passwords with a JDBC Realm for Tomcat?
Author: Deron Eriksson
Description: This Tomcat tutorial describes how to configure Tomcat to use MD5 digest passwords with a JDBC Realm.
Tutorial created using: Windows XP || JDK 1.5.0_09 || Eclipse Web Tools Platform 2.0 (Eclipse 3.3.0) || Tomcat 5.5.20



(Continued from page 1)

Now, I'll start up Tomcat. I'll try hitting the Tomcat manager application, which requires a user who has the 'manager' role.

First, I'll try my user 'deron' with password 'deronpass'.

[Figure: attempting to log on as 'deron' with password 'deronpass']

However, I am unable to log on as deron/deronpass. Even though 'deron' is a valid user with the 'manager' role, the database holds the actual password for 'deron' rather than its MD5 digest, so the digest that Tomcat computes from the submitted password does not match the stored value.

Now, let's try logging on as 'curly' with password 'secret'.

[Figure: logging on as 'curly' with password 'secret']

This time, I was able to successfully log on to the Tomcat manager application.

[Figure: successfully logged on to Tomcat manager application]

To authenticate, Tomcat took the user name and the password from the Basic authentication pop-up window. It computed the MD5 digest of the password. It queried the JDBC realm database and found the user name and MD5 digest in the tomcat_users table. Since the MD5 digests matched, Tomcat knew that the 'secret' password was correct for 'curly'. Tomcat could proceed to check that 'curly' had the 'manager' role. Once this was verified, the user was given access to the manager application.
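The check described above can be reproduced outside Tomcat. The following Python sketch is an added example, not code from this tutorial or from Tomcat; it models the digest comparison and role lookup against an in-memory SQLite database. The tomcat_users table name comes from the tutorial, while the column names, the tomcat_users_roles table, and the user 'moe' are assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

def md5_hex(password: str) -> str:
    """Lowercase hex MD5 of the password, the form the realm table must hold."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_realm_db() -> sqlite3.Connection:
    # Constructed sample data. Column names and the roles table are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tomcat_users (user_name TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE tomcat_users_roles (user_name TEXT, role_name TEXT);
    """)
    db.executemany("INSERT INTO tomcat_users VALUES (?, ?)", [
        ("deron", "deronpass"),        # plaintext stored: digest check will fail
        ("curly", md5_hex("secret")),  # MD5 digest stored: check will succeed
        ("moe", md5_hex("secret")),    # hypothetical user with no 'manager' role
    ])
    db.executemany("INSERT INTO tomcat_users_roles VALUES (?, ?)", [
        ("deron", "manager"), ("curly", "manager"),
    ])
    return db

def authenticate(db, user, password, required_role="manager"):
    """Digest the submitted password, compare to the stored value, then check role."""
    row = db.execute(
        "SELECT password FROM tomcat_users WHERE user_name = ?", (user,)
    ).fetchone()
    if row is None:
        return "unknown user"
    submitted = md5_hex(password).encode("ascii")
    stored = row[0].lower().encode("utf-8")  # tolerate upper-case hex in the table
    if not hmac.compare_digest(submitted, stored):
        return "bad credentials"
    role = db.execute(
        "SELECT 1 FROM tomcat_users_roles WHERE user_name = ? AND role_name = ?",
        (user, required_role),
    ).fetchone()
    return "granted" if role else "missing role"

if __name__ == "__main__":
    db = build_realm_db()
    for user, pw in [("deron", "deronpass"), ("curly", "secret"), ("moe", "secret")]:
        print(user, "->", authenticate(db, user, pw))
```

Note that 'curly' and 'moe' end up with identical stored values: an unsalted MD5 digest is the same for every user who picks the same password, which is worth keeping in mind when deciding who may read the realm table.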

We've seen in this tutorial that enabling the use of MD5 digests of passwords in Tomcat for a JDBC realm is very straightforward.
