I want to use Tomcat's role-based authentication. The problem is that I'm storing the passwords hashed in my database, so I cannot use basic authentication or digest. Is there a way to compare the clear-text password with the hashed password? I'm using SHA to hash passwords.
Tomcat can hash the user's attempted password and compare it to what you have in the database. This won't work with HTTP DIGEST, but it should work with HTTP BASIC. You probably want to use DataSourceRealm and not JDBCRealm, because it will perform much better.
Just configure your <Realm> like this:

    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/myDataSource"
           userTable="users"
           userNameCol="user_name"
           userCredCol="user_pass"
           userRoleTable="user_roles"
           roleNameCol="role_name"
           digest="SHA1" />
Obviously, you'll have to customize the values above to match what you have in your database.
A bit of a note: SHA1 hashing is not sufficient to protect a stored credential from being reverse-engineered if your user database is stolen. You will need to implement some kind of password-strengthening strategy to protect your users' credentials. I would recommend trying to shift from SHA1 over to something like PBKDF2, bcrypt/scrypt, or even using SHA-512 with a salt and a non-trivial number of iterations (like many thousands). Recent versions of Tomcat can handle iterations and salting for you, and also allow you to plug in other functions such as bcrypt/scrypt and PBKDF2 fairly easily.
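An added illustration (not code from the answer above or from Tomcat) of the two schemes discussed: the unsalted "hash the submitted password and compare" check that digest="SHA1" performs, next to the salted, iterated PBKDF2 check the note recommends. The record format, function names and sample rows are this example's own assumptions, not Tomcat's storage format.

```python
import hashlib
import hmac
import os

# Constructed sample user_pass column value: with digest="SHA1" the realm
# stores the lowercase hex SHA-1 of the plain password, with no salt.
SAMPLE_SHA1_ROW = hashlib.sha1(b"correct horse").hexdigest()


def realm_sha1_check(attempt: str, stored_hex: str) -> bool:
    """Mirror of what a realm with digest="SHA1" does on a BASIC login:
    hash the submitted password and compare it with the stored column."""
    candidate = hashlib.sha1(attempt.encode("utf-8")).hexdigest()
    # constant-time compare so a mismatch position does not leak via timing
    return hmac.compare_digest(candidate, stored_hex)


def make_strong_record(password: str, iterations: int = 200_000) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA512 record, stored as
    'pbkdf2_sha512$<iterations>$<salt hex>$<hash hex>' (a format assumed for
    this example). A fresh random salt makes equal passwords store differently."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${dk.hex()}"


def strong_check(attempt: str, record: str) -> bool:
    """Verify a login attempt against a record produced by make_strong_record.
    Salt and iteration count come from the record, so they can be raised per
    user over time without a schema change."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha512":
            return False
        dk = hashlib.pbkdf2_hmac("sha512", attempt.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed record: never accept
    return hmac.compare_digest(dk.hex(), hash_hex)


def same_password_shares_hash(scheme: str, password: str) -> bool:
    """Show why the unsalted scheme is weak: two users with the same
    password get identical stored values, so one crack exposes both."""
    if scheme == "sha1":
        a = hashlib.sha1(password.encode()).hexdigest()
        return a == hashlib.sha1(password.encode()).hexdigest()
    return make_strong_record(password, 1000) == make_strong_record(password, 1000)
```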