Skip to main content
Jump to: navigation, search

Jetty/Howto/Secure Passwords

< Jetty‎ | Howto
Revision as of 14:12, 23 December 2009 by (Talk | contribs)


There are many places where you need to use and store a password, for example for the How to configure SSL connectors, and for user passwords in realms.

Passwords can be stored in *clear text*, *obfuscated*, *checksummed* or *encrypted* in order of increasing security.


Jetty provides a password utility that can be used to generate all varieties of passwords.

Run it without arguments to see usage instructions:

> java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar
Usage - java [<user>] <password>

where -xxx signifies the version of Jetty that you have installed.

For example, to generate a secured version of the password "blah" for the user "me", do:

> java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar me blah

Now you can cut and paste whichever secure version you choose into your configuration file or java code.

For example, the last line below shows you how you would cut and paste the encrypted password generated above into the properties file for a HashUserRealm:

admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq
guest: guest,read-only
me: CRYPT:me/ks90E221EY
Don't forget to also copy the OBF:, MD5: or CRYPT: prefix on the generated password. It will not be usable by Jetty without it.

Back to the top