I am trying to authenticate a username and password using j_security_check with tomcat. The postgresql database holds the password encrypted and am not sure (at all) how to compare the plain text password to the encrypted database password.
Thanks in advance!
In your Realm configuration (which I'll assume to be DataSourceRealm as you have not provided any information on your configuration), you can add a digestattribute which will let you choose the hash algorithm (in those understood by your JVM) to apply when tomcat compares the passwords.
There is also some discussion on tomcat's bugzilla to add better implementation (such as bcrypt) here. It is not yet implemented but there is always the possibility to create your own Realm to do it.
