Author: markt Date: Mon Sep 14 12:33:37 2015 New Revision: 1702923 URL: http://svn.apache.org/r1702923 Log: JAAS Realm should be using CredentialHandler to mutate passwords
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=1702923&r1=1702922&r2=1702923&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Mon Sep 14 12:33:37 2015 @@ -91,7 +91,7 @@ public class JAASCallbackHandler impleme this.username = username; if (realm.hasMessageDigest()) { - this.password = realm.digest(password); + this.password = realm.getCredentialHandler().mutate(password); } else { this.password = password; Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1702923&r1=1702922&r2=1702923&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Mon Sep 14 12:33:37 2015 @@ -1116,7 +1116,10 @@ public abstract class RealmBase extends * * @param credentials Password or other credentials to use in * authenticating this username + * + * @deprecated Used. Will be removed in Tomcat 9. */ + @Deprecated protected String digest(String credentials) { // If no MessageDigest instance is specified, return unchanged --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org