Using Struts 2 with digest/hashing-based Spring Security
Using form-based or basic authentication alone doesn't make a Struts 2-based application secure, since the passwords are exposed to the user as plain text. The Spring Security JAR includes a crypto package that can check a password against its stored digest, but we need to tell the Spring Security API which algorithm was used to hash it.
Getting ready
- Create a dynamic web project in Eclipse
- Add the Struts 2 JARs
- Add Spring Security related JARs
- The web.xml, struts2.xml, and JSP settings remain the same as the previous application
How to do it...
Let's hash the password: packt123456.
We need to use an external JAR, JACKSUM, which means Java checksum. It supports both the MD5 and SHA1 hash algorithms.
Download the jacksum.zip file (http://www.jonelo.de/java/jacksum/#Download) and extract the ZIP folder.
packt>java -jar jacksum.jar -a sha -q "txt:packt123456"
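The digest step above can be reproduced and checked inside the JVM. The following is an added example, not code from the original recipe or from Spring Security; the class name Sha1DigestCheck and its helper methods are hypothetical, and it assumes the password is hashed as UTF-8 bytes and stored as a hex string.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added example (hypothetical class, not part of the recipe): computes the
// hex SHA-1 digest of a password and checks a login attempt against it.
public class Sha1DigestCheck {

    // Hex-encoded SHA-1 of the UTF-8 bytes of the input (assumed encoding).
    static String sha1Hex(String text) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] digest = md.digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Hash the submitted password and compare it with the stored digest.
    // MessageDigest.isEqual does not stop at the first differing byte,
    // so the comparison time does not reveal how much of the digest matched.
    static boolean matches(String submitted, String storedHex)
            throws NoSuchAlgorithmException {
        byte[] candidate = sha1Hex(submitted).getBytes(StandardCharsets.US_ASCII);
        // Tolerate a stored digest written in upper-case hex.
        byte[] stored = storedHex.toLowerCase(Locale.ROOT)
                                 .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(candidate, stored);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Self-check against the standard SHA-1 test vector for "abc".
        if (!sha1Hex("abc").equals("a9993e364706816aba3e25717850c26c9cd0d89d")) {
            throw new IllegalStateException("SHA-1 self-check failed");
        }
        // The value that would be stored in place of the plain-text password.
        String stored = sha1Hex("packt123456");
        System.out.println("stored digest:   " + stored);
        System.out.println("correct login:   " + matches("packt123456", stored));
        System.out.println("wrong password:  " + matches("packt12345", stored));
        // No salt is involved, so the same password always maps to the same
        // stored value, for every account that uses it.
        System.out.println("same for reuse:  " + stored.equals(sha1Hex("packt123456")));
    }
}
```

Because the digest is unsalted, two accounts with the same password end up with the same stored value; a salted, deliberately slow scheme such as bcrypt avoids that.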
Update the applicationcontext-security.xml file:
<beans:beans...