It's all about the answers!

Ask a question

How to make the passwords encrypted in Tomcat server?


Sudarshan M (107121) | asked Dec 17 '19, 5:31 a.m.
edited Dec 17 '19, 6:12 a.m.

 When you reset a password, the log file(JazzTeamServer/server/tomcat/logs/localhost_access_log) captures passwords in plain text. 

2 answers



permanent link
Sudarshan M (107121) | answered Dec 17 '19, 5:33 a.m.

 login to jts/admin -> Server -> Advance Properties - Locate Tomcat Users' Password Digest -> set the Value to True -> Restart the server .

After restart try changing user password and check if it shows in log files.


permanent link
nishant kumar (11) | answered Dec 17 '19, 12:09 p.m.
 java -cp encryptedDS.jar com.incorta.tools.tomcat.DataSourceFactory

Enter password:

Confirm password:

Encrypted Password: m1rwxCXxhW7p87U9AWe8yg==

Using the generated password in Tomcat
In Tomcat server.xml file, find the JDBC Datasource definition (i.e. Resource tag). Here's a sample datasource definition:

     <Resource auth="Container" name="jdbc/incortaDB" type="javax.sql.DataSource"
     factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" testOnBorrow="true"
     initialSize="10" maxActive="500" minIdle="10" validationQuery="select 1"
     driverClassName="com.mysql.jdbc.Driver" username="root" password="passw0rd"
To use the encrypted password, you need to do the following:

Add (or change if exists) the data source factory to com.incorta.tools.tomcat.DataSourceFactory. -
Update the password to be the encrypted one -from the previous step.-
Here's an update data source definition:

     <Resource auth="Container" name="jdbc/incortaDB" type="javax.sql.DataSource"
     factory="com.incorta.tools.tomcat.DataSourceFactory" testOnBorrow="true"
     initialSize="10" maxActive="500" minIdle="10" validationQuery="select 1"
     driverClassName="com.mysql.jdbc.Driver" username="root" password="m1rwxCXxhW7p87U9AWe8yg=="

Thanks & Regards
Nishant SDE

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.