-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sreyan,
On 8/29/15 4:54 PM, Sreyan Chakravarty wrote: > Now can you tell me how do I write my own custom credential > handler. Planning one that uses sCrypt. Just create a new class that implements the CredentialHandler interface. Of course, that means you'll have to build against the Tomcat API and you will also have to put your .class file in a JAR file in Tomcat's lib/ directory. If you're writing an scrypt CredentialHandler, consider donating it to the community. It's just two methods: mutate(String) and matches(String,String) so it should be pretty easy to do. > How can I write it and reference that same CredentialHandler in > the context.xml like > > <CredentialHandler class="custom handler"></CredentialHandler> Take a look at the code for SecretKeyCredentialHandler: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catali na/realm/SecretKeyCredentialHandler.java?view=markup That class is mostly accessors and mutators, and the "matches" method mostly delegates to the parent class's "matches" method (which calls back to the SKCH's mutate() method). You may be able to get away with that dispatch strategy and so your class might be as simple as SKCH. I'm happy to help build this CredentialHandler with you. It was my plan to build one a while back, but the fact is that the team doesn't want a compile-time dependency on any particular scrypt library. But it could be put into the Tomcat wiki in source form, or it's possible we could put it into a kind of "contributed" directory in svn that doesn't get built for releases, but is available as source for anyone to use. (Also, a bcrypt-based CredentialHandler would be trivial once an scrypt-based one was done.) Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV5GfQAAoJEBzwKT+lPKRYLDEQAMuFbNuUin3iQnEpdc4NF9YO oWCeK/fLgp9EqhZnId+L7dkMGye1EYOLWg/19wKdxG0eBBknOJxsMibjbjtiZe6y P/afckEkgYdY5uoZLN4ZcoYnN+p4Ex35SNSS2qmkrrgA0MdFhLq6Os21kiYhvDnC 4GgfKvIVt9T18ryoXCWtYVnP3N2YcLo3YzdDLbOgB1uWVhf6VAiPtjdsnnBArqQu b1y8POXXlKsIrBFLo5VKykry0r7fh6E/xBGkhBvqfs3zhtZ2dJo6OW1s4RExebJK uAUUpsa7yCP0QZHIGHcmLj9D7rWY6hxWGc+Az14siMmNDQQpnON+xwf/KxCKCaEw GR0BEIbA5xsuFUPuIeTXiGiMH0rA9A8aPA/EFP6b+VaGZ5jTife2UYj2LYWKyYOh V5vKY5sLHNL+9625zGiHVVz1UTJ7oRXQ+BqUrRPZhdequHUiOtxaHhT3D10lNPJ1 BNHtL6rprLOeC3r4z7PcxqoxmWz9zz8+BOvLPwcmT3MUfEFEXDR6xJletE8uhMrF iaxA5LI+3UDVHFDeMxW9b6up7RfMd+1CC1tOa8LU4uNcd8gkHEf4pGw42uOYPFXo tkG96A58lxUXCujFxNGPkk2mVdzkMASTreG1mhhFhXu14qT1TY93HshX+lrrMxxI SkJAIsJdkFSUrR8k0J3v =zEGV -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
