Reputation: 1835
Looking for a way to capture the user's password in the case of Tomcat form-based authentication so that I can send the username/password combination to another application. This is what I have so far:
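    import java.beans.PropertyDescriptor;
    import java.security.Principal;
    import org.apache.commons.beanutils.PropertyUtils;

    // req is the current HttpServletRequest
    Principal principal = req.getUserPrincipal();
    PropertyDescriptor[] pds;
    // Enumerate the bean properties exposed by the Principal implementation
    pds = PropertyUtils.getPropertyDescriptors(principal.getClass());
    for (int i = 0; i < pds.length; i++) {
        try {
            String name = pds[i].getName();
            // Read each property's value by name
            Object value = PropertyUtils.getProperty(principal, name);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }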
How can I grab the password out of the object? I would highly appreciate it if anyone could provide a recommendation around the same.
Upvotes: 0
Views: 223
Reputation: 618
This kind of thing is a really bad idea; it breaks all kinds of tenets about how to handle secure credentials. The OAuth protocol was developed to address this problem - I suggest you look into it to see if you can use it instead.
Upvotes: 0
Reputation: 16095
Check the name property to see if it equals password, and the corresponding value will be your password.
Upvotes: 1
Reputation: 14045
You may be able to intercept the password earlier in the login sequence, but I would hope you can't do it this way; otherwise security would be badly broken.
Upvotes: 1