• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Jeanne Boyarsky
  • Ron McLeod
Sheriffs:
  • Paul Clapham
  • Liutauras Vilda
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

JDBCUserRealm question

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am using JDBCUserRealm form based authentication to log to my system
This stores my user name and password into the database as clear text
I wish to hash digest my password in the database.
but when I try to modify my login page to reflect the changes the brower hangs.
This is what I had done so far.
a) wrote another jsp page to encrypt the password in the database
b) I tried to insert an iframe object to the login page to capture the password and encrypt it before it is sent for authentication
but this is hanging the browser, everything works fine when i remove the iframe object from the form. when I copied the login page to another name and executed it, it worked the expected way with iframe object(my guess is, when I executed the changed login page the web.xml file is referring to the old file, in another words for the application it is not the login page, so it does not mind)

my login page
----------------
<html>
<form method="POST" name = "loginForm" >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="password"></td>
</tr>
<tr>
<td align="right"><input type="button" value="Log In" onKlick ="hashPassword()"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
<input type="hidden" name="j_password" >
</form>
<iframe name="hashIt" src="getDigest.jsp" width="0" height="0" style="visibility: hidden" />
</html>
for JDBCUserRealm these are a MUST
1) username should be "j_username"
2) password should be "j_password"
3) form action should be "j_security_check"

"getDigest.jsp" page
----------------------
<%@ page import="com.thahir.security.Digest"%>
<%
Digest digest = new Digest();
String password = request.getParameter("password");
if (password == null) {
response.sendRedirect("login.jsp");
return;
}
password = digest.getDigest(password);
%>
<script>
parent.setPassword("<%= password %>");
</script>

java scripts
---------------
function hashPassword() {
password = document.loginForm.password.value;
hashIt.location = "getDigest.jsp?password="+ password;
}
function setPassword(password) {
document.loginForm.j_password.value = password;
window.loginForm.action = "j_security_check";
window.loginForm.submit();
}
 
Sheriff
Posts: 67753
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch aakil!
You'll find this forum a great place to seek help on JSP pages, and there aren't many rules you'll have to worry about, but one is that proper names are required. Please take a look at the JavaRanch Naming Policy and change your display name to match it. (In your case, 'kk' is not a valid last name).
Thanks!
bear
JSP Forum Bartender
 
Bear Bibeault
Sheriff
Posts: 67753
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Now on to your question. You did not mention which servlet container you are using. I am assuming Tomcat?
bear
 
aakil
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
sorry about the display name thing
I am working on Jetty server
 
Can you hear that? That's my theme music. I don't know where it comes from. Check under this tiny ad:
New web page for Paul's Rocket Mass Heaters movies
https://coderanch.com/t/785239/web-page-Paul-Rocket-Mass
reply
    Bookmark Topic Watch Topic
  • New Topic