We have been developing a GWT application witch controls user login / relogin via simple user / pass form hashing the passwords in SHA-256. The passwords are stored in SHA-256 in the database (Hibernate over PostgreSQL). No plain text anywhere.
Once deployed, in the login process server returns error saying that no SHA-256 algorithm was found. The provider (MessageDigest from SUN) is in the java.security properties. The same version of JDK is being used in development and production server.
After doing my homework and searching here I've found a lot of questions, but all of them related to Realm login with SHA-256 digest.
I'm new to Tomcat so, what's the best practice here? Delegate login / roles in Tomcat? Or keep webapp simple login and fix SHA-256 problem (how!)?
Best regards
