My web application is relying on container-managed security and I'm wondering if it's possible to use salted passwords at all. As far as I can tell it's easy enough to store digested passwords in a database by just configuring a JDBC or DataSource Realm, but there's no way to add a salt to those digests.
Any suggestions?
Edit: it seems I just need to think some more before asking questions ;-)
It's just a matter of choosing who's doing the digest calculation (client or server) and configuring Tomcat accordingly.