1

I know that $CATALINA_HOME/bin/digest.sh is used to generate hashed passwords which can be used in tomcat-users.xml, but how can I implement the same behavior when I am using embedded Tomcat in the project, as it doesn't have bin/digest.sh?

UPDATE:

I found that RealmBase.java of Tomcat has a method digest() which does the equivalent of what digest.sh does; however, it's deprecated since Tomcat 9 and I am using Tomcat 9. Does anyone know what the new implementation for this method is?

livesamarthgupta
  • Does this answer your question? [How can I utilize the same credential handler configuration for my application's container in generating new password hashes?](https://stackoverflow.com/questions/30490893/how-can-i-utilize-the-same-credential-handler-configuration-for-my-applications) – Piotr P. Karwasz Dec 29 '21 at 20:44

2 Answers

1

The central method for dealing with hashed passwords is CredentialHandler#mutate, which is also the one used by digest.sh. It transforms the supplied password into its stored form.

You can retrieve the CredentialHandler in many ways:

  • from the Tomcat object, using tomcat.getEngine().getRealm().getCredentialHandler(). For this to work you need to start the Realm if it is not running,
  • from a servlet, by retrieving the Globals.CREDENTIAL_HANDLER ("org.apache.catalina.CredentialHandler") servlet context attribute.
Piotr P. Karwasz
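
An added example (not code from the answer above or from the Tomcat project) of calling `CredentialHandler#mutate` directly in an embedded-Tomcat application, as that answer describes. The class name `EmbeddedDigest`, the `useHashedUsers` helper, the SHA-256 / 1000 iterations / 16-byte salt parameters and the sample password are assumptions chosen for illustration.

```java
import java.security.NoSuchAlgorithmException;

import org.apache.catalina.CredentialHandler;
import org.apache.catalina.realm.MemoryRealm;
import org.apache.catalina.realm.MessageDigestCredentialHandler;
import org.apache.catalina.startup.Tomcat;

// Hypothetical class name; requires tomcat-embed-core on the classpath.
public class EmbeddedDigest {

    // Illustrative parameters (assumed, not from the page). The handler that
    // hashes and the handler the Realm verifies with must be configured alike.
    static CredentialHandler newHandler() throws NoSuchAlgorithmException {
        MessageDigestCredentialHandler handler = new MessageDigestCredentialHandler();
        handler.setAlgorithm("SHA-256");
        handler.setIterations(1000);
        handler.setSaltLength(16); // bytes of random salt per password
        return handler;
    }

    // Attach the handler to the Realm that reads tomcat-users.xml, so that
    // password="..." attributes holding mutate() output are accepted at login.
    static void useHashedUsers(Tomcat tomcat, String usersXmlPath, CredentialHandler handler) {
        MemoryRealm realm = new MemoryRealm();
        realm.setPathname(usersXmlPath);
        realm.setCredentialHandler(handler);
        tomcat.getEngine().setRealm(realm);
    }

    public static void main(String[] args) throws Exception {
        CredentialHandler handler = newHandler();
        // Constructed sample value, used when no argument is given.
        String password = args.length > 0 ? args[0] : "constructed-sample-password";

        // The call the answer names as the one digest.sh uses. With a salt the
        // result has the form hexSalt$iterations$hexDigest and differs per run.
        String stored = handler.mutate(password);
        System.out.println(stored);

        // Verify with matches(), not by comparing two mutate() results:
        // each result carries its own random salt.
        System.out.println(handler.matches(password, stored));
        System.out.println(handler.matches("wrong-password", stored));
    }
}
```

The same package also provides `SecretKeyCredentialHandler`, a PBKDF2-based `CredentialHandler` that can be substituted in `newHandler()` when a deliberately slow key-derivation function is preferred over an iterated message digest.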
0

digest.sh is used to generate password hashes. If you need to generate password hashes, just download the Tomcat archive from Tomcat's homepage and run the script.

Embedded Tomcat does not have this script.

Igor Mukhin
  • I have a project that uses embedded-tomcat; now the requirement is to encrypt the password for tomcat-users.xml. Programmatically I was able to set the plain-text password using the tomcat-embed API, and if I manually set the hashed password I am able to fetch it using the `org.apache.catalina.realm.MessageDigestCredentialHandler` class, but is there any similar class which encrypts the string similar to what digest.sh is doing manually? – livesamarthgupta Oct 20 '21 at 12:58