I know that $CATALINE_HOME/bin/digest.sh is used to generate hashed passwords which can be used in tomcat_users.xml but how can I implement the same behavior where I am using embedded tomcat in the project as it doesn't have bin/digest.sh?
UPDATE:
I found that RealmBase.java of tomcat has a method digest() which does equivalent to what digest.sh does, however, it's deprecated since tomcat 9 and I am using tomcat 9. Does anyone know what the new implementation for this method is?
The central method for dealing with hashed passwords is CredentialHandler#mutate, which is also the one used by digest.sh. It transforms the supplied password into its stored form.
You can retrieve the CredentialHandler in many ways:
Tomcat object, using tomcat.getEngine().getRealm().getCredentialHandler(). For this to work you need to start the Realm if it is not running,Globals.CREDENTIAL_HANDLER ("org.apache.catalina.CredentialHandler") servlet context attribute.