Posted to dev@tomcat.apache.org by na...@apache.org on 2001/04/10 11:01:01 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa JDBCRealm.java
nacho 01/04/10 02:01:00
Modified: src/share/org/apache/tomcat/modules/aaa JDBCRealm.java
Log:
The digest should be called on credentials, not on what's
picked up from the database.
Reported by Bojan Smojver
Revision Changes Path
1.6 +7 -6 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- JDBCRealm.java 2001/02/27 19:10:16 1.5
+++ JDBCRealm.java 2001/04/10 09:00:59 1.6
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.5 2001/02/27 19:10:16 costin Exp $
- * $Revision: 1.5 $
- * $Date: 2001/02/27 19:10:16 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.6 2001/04/10 09:00:59 nacho Exp $
+ * $Revision: 1.6 $
+ * $Date: 2001/04/10 09:00:59 $
*
* The Apache Software License, Version 1.1
*
@@ -277,14 +277,15 @@
preparedAuthenticate.setString(1, username);
ResultSet rs1 = preparedAuthenticate.executeQuery();
if (rs1.next()) {
- if (digest.equalsIgnoreCase("No")) {
- if (credentials.equals(rs1.getString(1).trim())) {
+ String dbCredentials=rs1.getString(1).trim();
+ if( digest.equals("") || digest.equalsIgnoreCase("No")){
+ if (credentials.equals(dbCredentials)) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess", username));
return true;
}
} else {
- if (credentials.equals(digest(rs1.getString(1), digest))) {
+ if (digest(credentials,digest).equals(dbCredentials)) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess", username));
return true;
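Review bot: The new `String dbCredentials=rs1.getString(1).trim();` dereferences the column value before any null check, so a row whose credential column is NULL raises a NullPointerException instead of failing authentication cleanly. Read the value first, treat null as a mismatch, and only then trim. Two further points on the same hunk. The added `digest.equals("")` test sends an empty digest setting down the cleartext comparison path, so an unset or mistyped configuration value silently means passwords are compared, and therefore stored, in the clear; that fallback should be documented or logged at startup. And `digest(credentials,digest).equals(dbCredentials)` is an exact, case-sensitive, early-exit string comparison: the stored value has to match the output format of `digest()` character for character, and a comparison such as `MessageDigest.isEqual` on the byte forms would avoid leaking how many leading characters matched.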