nacho 01/04/10 02:01:00
Modified: src/share/org/apache/tomcat/modules/aaa JDBCRealm.java
Log:
The digest should be called on credentials, not on what's
picked up from the database.
Reported by Bojan Smojver
Revision Changes Path
1.6 +7 -6
jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- JDBCRealm.java 2001/02/27 19:10:16 1.5
+++ JDBCRealm.java 2001/04/10 09:00:59 1.6
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.5
2001/02/27 19:10:16 costin Exp $
- * $Revision: 1.5 $
- * $Date: 2001/02/27 19:10:16 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.6
2001/04/10 09:00:59 nacho Exp $
+ * $Revision: 1.6 $
+ * $Date: 2001/04/10 09:00:59 $
*
* The Apache Software License, Version 1.1
*
@@ -277,14 +277,15 @@
preparedAuthenticate.setString(1, username);
ResultSet rs1 = preparedAuthenticate.executeQuery();
if (rs1.next()) {
- if (digest.equalsIgnoreCase("No")) {
- if (credentials.equals(rs1.getString(1).trim())) {
+ String dbCredentials=rs1.getString(1).trim();
+ if( digest.equals("") || digest.equalsIgnoreCase("No")){
+ if (credentials.equals(dbCredentials)) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess",
username));
return true;
}
} else {
- if (credentials.equals(digest(rs1.getString(1), digest))) {
+ if (digest(credentials,digest).equals(dbCredentials)) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess",
username));
return true;
