Author: markt
Date: Mon Sep 14 12:33:37 2015
New Revision: 1702923
URL: http://svn.apache.org/r1702923
Log:
JAAS Realm should be using CredentialHandler to mutate passwords
Modified:
tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=1702923&r1=1702922&r2=1702923&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Mon
Sep 14 12:33:37 2015
@@ -91,7 +91,7 @@ public class JAASCallbackHandler impleme
this.username = username;
if (realm.hasMessageDigest()) {
- this.password = realm.digest(password);
+ this.password = realm.getCredentialHandler().mutate(password);
}
else {
this.password = password;
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1702923&r1=1702922&r2=1702923&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Mon Sep 14
12:33:37 2015
@@ -1116,7 +1116,10 @@ public abstract class RealmBase extends
*
* @param credentials Password or other credentials to use in
* authenticating this username
+ *
+ * @deprecated Used. Will be removed in Tomcat 9.
*/
+ @Deprecated
protected String digest(String credentials) {
// If no MessageDigest instance is specified, return unchanged
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
