You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by cc...@apache.org on 2001/09/07 20:51:36 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JDBCRealm.java JNDIRealm.java MemoryRealm.java
ccain 01/09/07 11:51:36
Modified: catalina/src/share/org/apache/catalina/realm JDBCRealm.java
JNDIRealm.java MemoryRealm.java
Log:
Change comparison of hex digests (in authentication) to be
case-insensitive, as base16 values themselves are case-insensitive.
Revision Changes Path
1.18 +2 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JDBCRealm.java 2001/09/06 03:43:11 1.17
+++ JDBCRealm.java 2001/09/07 18:51:36 1.18
@@ -95,7 +95,7 @@
* @author Craig R. McClanahan
* @author Carson McDonald
* @author Ignacio Ortega
-* @version $Revision: 1.17 $ $Date: 2001/09/06 03:43:11 $
+* @version $Revision: 1.18 $ $Date: 2001/09/07 18:51:36 $
*/
public class JDBCRealm
@@ -384,7 +384,7 @@
}
// Validate the user's credentials
- if (digest(credentials).equals(dbCredentials)) {
+ if (digest(credentials).equalsIgnoreCase(dbCredentials)) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess",
username));
1.4 +2 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Index: JNDIRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- JNDIRealm.java 2001/09/06 03:43:11 1.3
+++ JNDIRealm.java 2001/09/07 18:51:36 1.4
@@ -144,7 +144,7 @@
*
* @author John Holman
* @author Craig R. McClanahan
- * @version $Revision: 1.3 $ $Date: 2001/09/06 03:43:11 $
+ * @version $Revision: 1.4 $ $Date: 2001/09/07 18:51:36 $
*/
public class JNDIRealm extends RealmBase {
@@ -750,7 +750,7 @@
// Validate the credentials specified by the user
if (debug >= 3)
log(" validating credentials");
- if (digest(credentials).equals(valueString)) {
+ if (digest(credentials).equalsIgnoreCase(valueString)) {
if (debug >= 2)
log(sm.getString("jndiRealm.authenticateSuccess",
username));
1.8 +5 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java
Index: MemoryRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- MemoryRealm.java 2001/08/27 19:10:25 1.7
+++ MemoryRealm.java 2001/09/07 18:51:36 1.8
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java,v 1.7 2001/08/27 19:10:25 craigmcc Exp $
- * $Revision: 1.7 $
- * $Date: 2001/08/27 19:10:25 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java,v 1.8 2001/09/07 18:51:36 ccain Exp $
+ * $Revision: 1.8 $
+ * $Date: 2001/09/07 18:51:36 $
*
* ====================================================================
*
@@ -95,7 +95,7 @@
* synchronization is performed around accesses to the principals collection.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.7 $ $Date: 2001/08/27 19:10:25 $
+ * @version $Revision: 1.8 $ $Date: 2001/09/07 18:51:36 $
*/
public final class MemoryRealm
@@ -205,7 +205,7 @@
GenericPrincipal principal =
(GenericPrincipal) principals.get(username);
if ((principal != null) &&
- (digest(credentials).equals(principal.getPassword()))) {
+ (digest(credentials).equalsIgnoreCase(principal.getPassword()))) {
if (debug >= 2)
log(sm.getString("memoryRealm.authenticateSuccess", username));
return (principal);