authentication « Glassfish « JSF Q&A

1. Is it possible to use container-managed authentication with password salting?

I know how to set up vanilla container-managed security that uses form authentication and uses digested passwords (say, SHA-256). Something like this:



2. Glassfish containter security authentication - how to add salt (j_security_check)

How to add salt when I want to authenticate users using web.xml security (j_username, j_password, j_security_check)? Now, I am using MD5 or SHA256 (configured in Security Realm). Using Glassfish 3.1, Java Server Faces ...