Re: [PATCH] Digest Authentication

2003-07-30 Thread Barry Dunne
[EMAIL PROTECTED] wrote:

Here I attach a patch for DigestAuthentication.java that should fix the 
problems with DIGEST authentication.

-// in some cases qop has quotes, and in some not. We'll 
support both
-if (currentTokenValue.startsWith(\)  
currentTokenValue.endsWith(\)) {
-  qop = removeQuotes(currentTokenValue);
-} else {
-  qop = currentTokenValue;
-}
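
Review bot: in the removed if/else around qop, the quoted-or-unquoted decision is made at the call site, so every field that can arrive either way would need its own copy of it. If this branch goes, make removeQuotes itself return its input unchanged when the value does not both start and end with a double quote, and call it unconditionally (qop = removeQuotes(currentTokenValue);). A test that sends qop once quoted and once unquoted would pin the behaviour.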


It appears that qop is not the only problem: the Sun Java plug-in (v1.4.1) 
sends the nc value quoted.
This prevents applets from logging in.

It might be worth leaving qop = removeQuotes(currentTokenValue);
changing the nc line to call removeQuotes, i.e. nc = removeQuotes(currentTokenValue);
and adding a test to the start of the removeQuotes method as follows:

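   protected static String removeQuotes(String quotedString) {
       // Leave the value untouched unless it is wrapped in double quotes
       if ((!quotedString.startsWith("\"")) ||
               (!quotedString.endsWith("\""))) {
           return quotedString;
       }
       // Strip the surrounding quotes; "" (or a lone ") yields an empty string
       if (quotedString.length() > 2) {
           return quotedString.substring(1, quotedString.length() - 1);
       } else {
           return new String();
       }
   }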

This would prevent the same problem happening on any of the digest fields.

Barry.
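
Added example, not part of the original message or of Tomcat's code: a small header-field parser that unquotes every digest field the same way, then computes the RFC 2617 request-digest to show that quoted and unquoted qop/nc give the same result. The class name, the sample header and the credentials are constructed for illustration; it prints true.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;

public class DigestFieldDemo {
    // Strip one pair of surrounding double quotes if present, else return the value unchanged.
    static String unquote(String v) {
        boolean quoted = v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"");
        return quoted ? v.substring(1, v.length() - 1) : v;
    }

    // Split "k=v, k=v" (scheme token already removed) on commas outside quotes; unquote every value.
    static Map<String, String> parse(String header) {
        Map<String, String> fields = new LinkedHashMap<>();
        StringBuilder cur = new StringBuilder();
        boolean inQuotes = false;
        for (char c : (header + ",").toCharArray()) {
            if (c == '"') inQuotes = !inQuotes;
            if (c == ',' && !inQuotes) {
                int eq = cur.indexOf("=");
                if (eq > 0) fields.put(cur.substring(0, eq).trim(), unquote(cur.substring(eq + 1).trim()));
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        return fields;
    }

    static String md5Hex(String s) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1)))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // RFC 2617 request-digest for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2).
    static String response(String ha1, String ha2, Map<String, String> f) throws Exception {
        return md5Hex(String.join(":", ha1, f.get("nonce"), f.get("nc"), f.get("cnonce"), f.get("qop"), ha2));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample header; the second copy quotes qop and nc, and both must hash alike.
        String plain = "username=\"tomcat\", realm=\"demo\", nonce=\"abc123\", uri=\"/app/\", qop=auth, nc=00000001, cnonce=\"xyz\"";
        String quoted = plain.replace("qop=auth", "qop=\"auth\"").replace("nc=00000001", "nc=\"00000001\"");
        String ha1 = md5Hex("tomcat:demo:tomcat"), ha2 = md5Hex("GET:/app/");
        System.out.println(response(ha1, ha2, parse(plain)).equals(response(ha1, ha2, parse(quoted))));
    }
}
```

If unquote is skipped for nc, the quote characters become part of the string that is hashed and the server-side digest no longer matches the one the client sent.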



[BUG] j_security_check forward no longer working

2000-11-14 Thread Barry Dunne

Hi,

I need to trap the username and password entered by the user when accessing 
a secured web page. This is so that I can use this information when 
connecting to an external system in a servlet.

The method I used was to have form-based authentication but with the action 
posting to a JSP rather than j_security_check. The JSP then stores the 
username/password in the session and forwards the info on to 
j_security_check.

This works perfectly with Tomcat 3.2 beta 4, but Tomcat 4 milestone 4 throws 
an exception and creates a blank file called j_security_check in the login 
directory.

I am running on Red Hat Linux 7 with Sun JDK 1.3.

The attached war file contains the files I am using, and the text file shows 
the different output when run in v3.2 and v4.

Thanks,
Barry.

 securitytest.war

Output with tomcat 3.2 beta 4:

User: tomcat
Password: tomcat



Output with tomcat 4 milestone 4:

A Servlet Exception Has Occurred
Exception Report:
javax.servlet.ServletException: Servlet.service() for servlet default threw exception
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:537)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:292)
at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:431)
at login._0002flogin_0002fsecurity_0005fcheck_0002ejspsecurity_0005fcheck_jsp_32._jspService(_0002flogin_0002fsecurity_0005fcheck_0002ejspsecurity_0005fcheck_jsp_32.java:102)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:181)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:317)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:396)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:180)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:255)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:977)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:165)
at org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:443)
at org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:242)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:1876)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:343)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:159)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:977)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:785)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:902)
at java.lang.Thread.run(Thread.java:484)

Root Cause:
java.lang.NullPointerException
at org.apache.catalina.resources.FileResources.setResource(FileResources.java:586)
at org.apache.catalina.servlets.DefaultServlet.doPut(DefaultServlet.java:401)
at org.apache.catalina.servlets.DefaultServlet.doPost(DefaultServlet.java:365)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:517)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:292)
at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:431)
at login._0002flogin_0002fsecurity_0005fcheck_0002ejspsecurity_0005fcheck_jsp_32._jspService(_0002flogin_0002fsecurity_0005fcheck_0002ejspsecurity_0005fcheck_jsp_32.java:102)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at