Hi.
I have been following this thread loosely, and I have nothing about Tomcat authentication
per se, but maybe now may be the moment to suggest another approach: why not use an
Apache httpd as a front-end to Apache Tomcat, do the user authentication/authorization at
the Apache httpd level (i
"Feel free to do that. You'll have to implement a lot of plumbing code
yourself to use Apache Shiro. (It seems like Tomcat ought to support
Shiro, eh? Maybe we should get together with them to build an
out-of-the-box configurable component in Tomcat)."
Well I don't know that but you people could t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/10/15 8:10 AM, Sreyan Chakravarty wrote:
> Yes but that requires implementing your own credential handler.
Sorry, I thought you had implemented your own credential handler.
> But the default one will still have the bug.
Oh, I was jus
Yes but that requires implementing your own credential handler. But the
default one will still have the bug. Right now I am thinking of using an
authentication framework like Apache Shiro.
On Thu, Sep 10, 2015 at 1:48 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/9/15 12:50 PM, Sreyan Chakravarty wrote:
> Well I guess now it's confirmed that it is a bug. Do you still need
> the code ?
No, I don't think I will.
However, since you wrote your own CredentialHandler, you could merely
patch it to chec
Well I guess now it's confirmed that it is a bug. Do you still need the code?
On Wed, Sep 9, 2015 at 8:55 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sreyan,
>
> On 9/8/15 6:31 AM, Sreyan Chakravarty wrote:
> > Okay is if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/8/15 6:31 AM, Sreyan Chakravarty wrote:
> Okay, if I have stored my password in my DB with SHA256
> encryption, can the credential handler declared in the realm work
> if it is declared with SHA512?
No. SHA256 and SHA512 produce
Okay, if I have stored my password in my DB with SHA256 encryption, can
the credential handler declared in the realm work if it is declared
with SHA512?
As far as I know it must be same algorithm, salt and iterations for the
hash to be matched perfectly.
Now take my case:
Okay this my