The CredentialHandler Component

Introduction

The CredentialHandler element represents the component used by a Realm to compare a provided credential such as a password with the version of the credential stored by the Realm. The CredentialHandler can also be used to generate a new stored version of a given credential that would be required, for example, when adding a new user to a Realm or when changing a user's password.

A CredentialHandler element MUST be nested inside a Realm component. If it is not included, a default CredentialHandler will be created using the MessageDigestCredentialHandler.

Attributes

Common Attributes

All implementations of CredentialHandler support the following attributes:

Attribute Description
className

Java class name of the implementation to use. This class must implement the org.apache.catalina.CredentialHandler interface.

Unlike most Catalina components, there are several standard CredentialHandler implementations available. As a result, if a CredentialHandler element is present then the className attribute MUST be used to select the implementation you wish to use.

MessageDigestCredentialHandler

The MessageDigestCredentialHandler is used when stored passwords are protected by a message digest. This credential handler supports the following forms of stored passwords:

  • plainText - the plain text credentials if no algorithm is specified
  • encodedCredential - a hex encoded digest of the password digested using the configured digest
  • {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
  • {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
  • {SSHA}encodedCredential - 20 character salt followed by the salted SHA1 digest Base64 encoded
  • salt$iterationCount$encodedCredential - a hex encoded salt, iteration count and a hex encoded credential, each separated by $

If the stored password form does not include an iteration count then an iteration count of 1 is used.

If the stored password form does not include salt then no salt is used.

Attribute Description
algorithm

The name of the java.security.MessageDigest algorithm used to encode user passwords stored in the database. If not specified, user passwords are assumed to be stored in clear-text.

encoding

Digesting the password requires that it is converted to bytes. This attribute determines the character encoding to use for conversions between characters and bytes. If not specified, UTF-8 will be used.

iterations

The number of iterations to use when creating a new stored credential from a clear text credential.

saltLength

The length of the randomly generated salt to use when creating a new stored credential from a clear text credential.

NestedCredentialHandler

The NestedCredentialHandler is an implementation of CredentialHandler that delegates to one or more sub-CredentialHandlers.

Using the NestedCredentialHandler gives the developer the ability to combine multiple CredentialHandlers of the same or different types.

Sub-CredentialHandlers are defined by nesting CredentialHandler elements inside the CredentialHandler element that defines the NestedCredentialHandler. Credentials will be matched against each CredentialHandler in the order they are listed. A match against any CredentialHandler will be sufficient for the credentials to be considered matched.

SecretKeyCredentialHandler

The SecretKeyCredentialHandler is used when stored passwords are built using javax.crypto.SecretKeyFactory. This credential handler supports the following forms of stored passwords:

  • salt$iterationCount$encodedCredential - a hex encoded salt, iteration count and a hex encoded credential, each separated by $

If the stored password form does not include an iteration count then an iteration count of 1 is used.

If the stored password form does not include salt then no salt is used.

Attribute Description
algorithm

The name of the secret key algorithm used to encode user passwords stored in the database. If not specified, a default of PBKDF2WithHmacSHA1 is used.

keyLength

The length of key to generate for the stored credential. If not specified, a default of 160 is used.

iterations

The number of iterations to use when creating a new stored credential from a clear text credential.

saltLength

The length of the randomly generated salt to use when creating a new stored credential from a clear text credential.
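
The salt$iterationCount$encodedCredential form can be parsed and checked outside Tomcat, for example to audit stored values for low iteration counts or short salts. The following is an added example, not Tomcat's own code: it assumes the default PBKDF2WithHmacSHA1 corresponds to PBKDF2-HMAC-SHA1 over the UTF-8 bytes of the password, and the function names and audit thresholds are illustrative.

```python
import hashlib
import hmac

def parse_stored(stored):
    """Split 'salt$iterationCount$encodedCredential' into (salt, iterations, key)."""
    parts = stored.split("$")
    if len(parts) != 3:
        raise ValueError("not in salt$iterationCount$encodedCredential form")
    salt_hex, count, key_hex = parts
    return bytes.fromhex(salt_hex), int(count), bytes.fromhex(key_hex)

def matches(password, stored, prf="sha1"):
    """Re-derive the key with PBKDF2-HMAC-<prf> and compare in constant time."""
    salt, iterations, expected = parse_stored(stored)
    # The key length is taken from the stored credential itself.
    derived = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt,
                                  iterations, dklen=len(expected))
    return hmac.compare_digest(derived, expected)

def audit(stored, min_iterations, min_salt_bytes):
    """Return findings for one stored value; both thresholds are caller policy."""
    try:
        salt, iterations, _ = parse_stored(stored)
    except ValueError:
        # Per the page: a form without salt or iteration count means
        # no salt is used and an iteration count of 1 applies.
        return ["not in salt$iterationCount$encodedCredential form"]
    findings = []
    if iterations < min_iterations:
        findings.append(f"iteration count {iterations} below {min_iterations}")
    if len(salt) < min_salt_bytes:
        findings.append(f"salt is {len(salt)} bytes, below {min_salt_bytes}")
    return findings

# Constructed sample: the RFC 6070 PBKDF2-HMAC-SHA1 test vector for password
# "password", salt "salt", 4096 iterations, written in the stored form above.
SAMPLE = "73616c74$4096$4b007901b765489abead49d926f721d065a429c1"
# Constructed sample: an unsalted hex digest with no iteration count.
UNSALTED = "0" * 32

if __name__ == "__main__":
    print(matches("password", SAMPLE))
    print(matches("Password", SAMPLE))
    print(audit(SAMPLE, min_iterations=100000, min_salt_bytes=16))
    print(audit(UNSALTED, min_iterations=100000, min_salt_bytes=16))
```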

Nested Components

If you are using the NestedCredentialHandler implementation or a CredentialHandler that extends the NestedCredentialHandler, one or more <CredentialHandler> elements may be nested inside it.

Special Features

No special features are associated with a CredentialHandler element.
