How to programatically encrypt/decrypt plain text credentials in JSP?

Question

As as part of my daily routine, I have the misfortune of administering an ancient, once \"just internal\" JSP web application that relies on the following authentication schema:

Answer 1

It is hard to understand the exact scheme you are thinking about but I assume the password is coming in from a request and you want to calculate the MD5 hash in a JSP that the request is being sent to. After that you can compare it to the pre-computed MD5 version. You could even be more secure if it isn't being done with https and use a javascript MD5 library to hash the password before submitting it.

You can MD5 a string in java like this:

try
{
  String digestInput = "queen";

  MessageDigest messageDigest = MessageDigest.getInstance("MD5");
  messageDigest.update(digestInput.getBytes());

  BASE64Encoder base64Encoder = new BASE64Encoder();
  String digestString = base64Encoder.encode(messageDigest.digest());

  // digestString now contains the md5 hashed password
}
catch (Exception e)
{
  // do some type of logging here
}