I am using JDBCUserRealm form based authentication to log to my system
This stores my user name and password into the database as clear text
I wish to hash digest my password in the database.
but when I try to modify my login page to reflect the changes the brower hangs.
This is what I had done so far.
a) wrote another
jsp page to encrypt the password in the database
b) I tried to insert an iframe object to the login page to capture the password and encrypt it before it is sent for authentication
but this is hanging the browser, everything works fine when i remove the iframe object from the form. when I copied the login page to another name and executed it, it worked the expected way with iframe object(my guess is, when I executed the changed login page the web.xml file is referring to the old file, in another words for the application it is not the login page, so it does not mind)
my login page
----------------
<html>
<form method="POST" name = "loginForm" >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="password"></td>
</tr>
<tr>
<td align="right"><input type="button" value="Log In" onKlick

="hashPassword()"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
<input type="hidden" name="j_password" >
</form>
<iframe name="hashIt" src="getDigest.jsp" width="0" height="0" style="visibility: hidden" />
</html>
for JDBCUserRealm these are a MUST
1) username should be "j_username"
2) password should be "j_password"
3) form action should be "j_security_check"
"getDigest.jsp" page
----------------------
<%@ page import="com.thahir.security.Digest"%>
<%
Digest digest = new Digest();
String password = request.getParameter("password");
if (password == null) {
response.sendRedirect("login.jsp");
return;
}
password = digest.getDigest(password);
%>
<script>
parent.setPassword("<%= password %>");
</script>
java scripts
---------------
function hashPassword() {
password = document.loginForm.password.value;
hashIt.location = "getDigest.jsp?password="+ password;
}
function setPassword(password) {
document.loginForm.j_password.value = password;
window.loginForm.action = "j_security_check";
window.loginForm.submit();
}