how to use digest.sh in embedded-tomcat

Question

I know that $CATALINE_HOME/bin/digest.sh is used to generate hashed passwords which can be used in tomcat_users.xml but how can I implement the same behavior where I am using embedded tomcat in the project as it doesn't have bin/digest.sh?

UPDATE:

I found that RealmBase.java of tomcat has a method digest() which does equivalent to what digest.sh does, however, it's deprecated since tomcat 9 and I am using tomcat 9. Does anyone know what the new implementation for this method is?

Answer 1

The central method for dealing with hashed passwords is CredentialHandler#mutate, which is also the one used by digest.sh. It transforms the supplied password into its stored form.

You can retrieve the CredentialHandler in many ways:

• from the Tomcat object, using tomcat.getEngine().getRealm().getCredentialHandler(). For this to work you need to start the Realm if it is not running,
• from a servlet, by retrieving the Globals.CREDENTIAL_HANDLER ("org.apache.catalina.CredentialHandler") servlet context attribute.

Answer 2

digest.sh is used to generate password hashes. If you need to generate password hashes, just download tomcat archive from the Tomcat's homepage and run the script.

Embedded Tomcat does not have this script.