Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Securing Passwords

There are many places where you might want to use and store a password, for example for the SSL connectors and user passwords in realms.

Passwords can be stored in clear text, obfuscated, checksummed or encrypted in order of increasing security.

The class can be used to generate all varieties of passwords.

Run it without arguments to see usage instructions:

Code Block
> java -cp lib/jetty-xxx.jar:lib/jetty-util-xxx.jar
Usage - java [<user>] <password>

where -xxx.jar signifies the version of jetty that you have installed.

For example, to generate a secured version of the password "blah" for the user "me", do:

Code Block
> java -cp lib/jetty-xxx.jar:lib/jetty-util-xxx.jar me blah

Now you can cut and paste whichever secure version you choose into your configuration file or java code.

For example, the last line below shows you how you would cut and paste the encrypted password generated above into the properties file for a HashUserRealm:

Code Block
admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq
guest: guest,read-only

Don't forget to also copy the OBF:, MD5: or CRYPT: prefix on the generated password. It will not be usable by Jetty without it.

Contact the core Jetty developers at
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery