Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/03/16 13:01:21 UTC

svn commit: r1666972 - in /tomcat/trunk: java/org/apache/catalina/realm/DigestCredentialHandlerBase.java webapps/docs/realm-howto.xml

Author: markt
Date: Mon Mar 16 12:01:20 2015
New Revision: 1666972

URL: http://svn.apache.org/r1666972
Log:
Use short form of digest output when compatible with input settings (makes it simpler to use with DIGEST auth).
Update notes on digest auth to add that no salt and one iteration must be used.

Modified:
    tomcat/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java
    tomcat/trunk/webapps/docs/realm-howto.xml

Modified: tomcat/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java?rev=1666972&r1=1666971&r2=1666972&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java Mon Mar 16 12:01:20 2015
@@ -120,15 +120,20 @@ public abstract class DigestCredentialHa
 
         String serverCredential = mutate(userCredential, salt, iterations);
 
-        StringBuilder result =
-                new StringBuilder((saltLength << 1) + 10 + serverCredential.length() + 2);
-        result.append(HexUtils.toHexString(salt));
-        result.append('$');
-        result.append(iterations);
-        result.append('$');
-        result.append(serverCredential);
+        if (saltLength == 0 && iterations == 1) {
+            // Output the simple/old format for backwards compatibility
+            return serverCredential;
+        } else {
+            StringBuilder result =
+                    new StringBuilder((saltLength << 1) + 10 + serverCredential.length() + 2);
+            result.append(HexUtils.toHexString(salt));
+            result.append('$');
+            result.append(iterations);
+            result.append('$');
+            result.append(serverCredential);
 
-        return result.toString();
+            return result.toString();
+        }
     }
 
 
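Review bot: the short-form branch keys on the configured `saltLength` field while the long form emits `HexUtils.toHexString(salt)`, the array actually handed to `mutate(userCredential, salt, iterations)`; if those two can ever disagree (a caller supplying its own salt bytes, or a subclass sourcing the salt differently), the output would silently switch format. Testing `salt.length == 0 && iterations == 1` keeps the branch and the emitted salt in step. The comment should also say more than "backwards compatibility": the bare `serverCredential` is exactly the value the credential-matching side must accept for DIGEST auth, so matching must keep recognising both the `{salt}${iterations}${digest}` form and the bare form, and a unit test for each would lock that in.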

Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=1666972&r1=1666971&r2=1666972&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Mon Mar 16 12:01:20 2015
@@ -199,10 +199,11 @@ techniques are supported:</p>
 </ul>
 
 <p>If using digested passwords with DIGEST authentication, the cleartext used
-   to generate the digest is different and the digest must use the MD5
-   algorithm. In the examples above <code>{cleartext-password}</code> must be
-   replaced with <code>{username}:{realm}:{cleartext-password}</code>. For
-   example, in a development environment this might take the form
+   to generate the digest is different and the digest must use one iteration of
+   the MD5 algorithm with no salt. In the examples above
+   <code>{cleartext-password}</code> must be replaced with
+   <code>{username}:{realm}:{cleartext-password}</code>. For example, in a
+   development environment this might take the form
    <code>testUser:Authentication required:testPassword</code>. The value for
    <code>{realm}</code> is taken from the <code>&lt;realm-name&gt;</code>
    element of the web application's <code>&lt;login-config&gt;</code>. If
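Review bot: "one iteration of the MD5 algorithm with no salt" states the rule but not why it is forced, which is what readers will want. In HTTP Digest authentication the client's response is derived from MD5({username}:{realm}:{password}) (the HA1 value of RFC 2617), so the stored credential has to be that exact unsalted, single-round hash or the server has nothing to compare against. One clause saying so, plus the concrete `digest.sh` invocation this implies (`-a MD5 -i 1 -s 0`, matching the options listed in the syntax below), would stop users from reaching for the stronger salted, iterated settings that are otherwise recommended and then finding DIGEST auth fails.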
@@ -216,6 +217,10 @@ are supported using</p>
 digester. The digester returns <code>{input}:{digest}</code>. If the input
 appears corrupted in the return, the digest will be invalid.</p>
 
+<p>The output format of the digest is <code>{salt}${iterations}${digest}</code>.
+If the salt length is zero and the iteration count is one, the output is
+simplified to <code>{digest}</code>.</p>
+
 <p>The full syntax of <code>CATALINA_HOME/bin/digest.[bat|sh]</code> is:</p>
 <source>CATALINA_HOME/bin/digest.[bat|sh] [-a &lt;algorithm&gt;] [-e &lt;encoding&gt;]
         [-i &lt;iterations&gt;] [-s &lt;salt-length&gt;] [-k &lt;key-length&gt;]
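Review bot: the new paragraph should state that `{salt}` is the hex encoding of the salt bytes (the code emits `HexUtils.toHexString(salt)`), and that the simplified `{digest}` form is not merely a convenience but the only form DIGEST authentication can consume, tying it back to the "no salt, one iteration" requirement stated above. It would also help to note that, because neither the hex salt nor the hex digest can contain `$`, the two `$` separators are unambiguous and the long form can be parsed by splitting on `$` from the left.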



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org