Yup the API is very easy to but that keeps a compile time dependency. What I mean is that you also need to put the sCrypt jar into you /lib folder. If thats okay then things get really easy.
Regards Sreyan Chakravarty On Mon, Aug 31, 2015 at 10:52 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Sreyen, > > On 8/31/15 12:23 PM, Sreyan Chakravarty wrote: > > Christopher what I am planning to do is getting the source of an > > open source sCrypt library and actually copy pasting the source > > code into the ScryptCredentialHandler.java. Since I am no security > > expert. > > > > Now this eliminates the compile time dependency but if the open > > source scrypt library is updated then the Handler must be updated > > accordingly. > > > > Is that a good design plan ? > > No. > > I wouldn't do that if I were you for a few reasons: > > 1. It might violate the license of the library. > 2. You won't benefit from updates to the library. > 3. You might break the security as you rip it out of one place and > put it into another. > 4. You are mingling the separation of concerns of these two pieces > of code: the scrypt library should handle the crypto, and your > CredentialHandler should handle and plumbing necessary for working > with a Tomcat Realm. > > That scrypt API should be fairly easy to use, right? > > > Also I am confused about how to create the jar. For example I > > create the project in eclipse under say a package called > > test.handler, how do I write my code so that it becomes a part of > > org.catalina.realm ? > > You don't. Just make the class > org.sreyan.tomcat.realm.ScryptCredentialHandler and then bundle it in > your own JAR file -- something like myscrypt.jar -- and then put that > JAR file into Tomcat's lib/ directory. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJV5I1xAAoJEBzwKT+lPKRY/qkP/RApau14EJJBtijnWRhGXzHu > wrcFq+r/scy+QpXNV0/Z+YbZgN4kGcIGZN+EfprybW9CAyoboOzv4v5fEUXJp+I8 > 6nYYMEP/T3Eirc2j1lpVpWGzJV1orUnP9+/zXDnjI3YwmoIJWCfYfkeJQD58TIbx > 3MzY8xwnfpZS+/RzoyoBIzdSrJ0ML2sZdbFtDWUYKNIRkvangw3S/siiQn1/a5w8 > RmHRO0Haq/BEA5ONrUFWHJZO82H1eBlEs/hSeqHVdT9dAvxevKk30cEOFgzD79uc > VYu8jgnLAEiuUcsdWdmWw3zCGwXSQRBtkpdYYN6ThD8g/VIEAzHFZPcM9qIF2yfU > 14FhVynIm04jindAU7v3Hln7yWxBFb6OrmrjPgLbedzTEF558vHP3L7N1v3nlpzc > bC4Gy7tXarGCRyFvJ7WIR3mAv+Lr2B18k9y1CaLG9SQAxOfQgKp7VEDc76Zdt5t8 > z4PBUvzye/OZN73rb86tIX66L+k8/iRI6OsxGX5eYGdnMxy4Vvmaj+C6k0DRQzCF > p2E5nF99OLRAiXelZZkQj4kr9oBPs8V848LjPxaTE8MCZWmsPV4K5BF/yUtKgjGh > y9MdNglCfJz55c73KBNWZd0HNmq/dNs5SsdQr5rOuPnEPcUAIV41c93aE7msDq2X > x5sL/nOE8QWZQNPoWYAQ > =WwFr > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
