nacho 01/04/10 02:01:00 Modified: src/share/org/apache/tomcat/modules/aaa JDBCRealm.java Log: The digest should be called on credentials, not on what's picked up from the database. Reported by Bojan Smojver Revision Changes Path 1.6 +7 -6 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- JDBCRealm.java 2001/02/27 19:10:16 1.5
+++ JDBCRealm.java 2001/04/10 09:00:59 1.6
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.5 2001/02/27 19:10:16 costin Exp $
- * $Revision: 1.5 $
- * $Date: 2001/02/27 19:10:16 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.6 2001/04/10 09:00:59 nacho Exp $
+ * $Revision: 1.6 $
+ * $Date: 2001/04/10 09:00:59 $
 *
 * The Apache Software License, Version 1.1
 *
@@ -277,14 +277,15 @@
 preparedAuthenticate.setString(1, username);
 ResultSet rs1 = preparedAuthenticate.executeQuery();
 if (rs1.next()) {
- if (digest.equalsIgnoreCase("No")) {
- if (credentials.equals(rs1.getString(1).trim())) {
+ String dbCredentials=rs1.getString(1).trim();
+ if( digest.equals("") || digest.equalsIgnoreCase("No")){
+ if (credentials.equals(dbCredentials)) {
 if (debug >= 2)
 log(sm.getString("jdbcRealm.authenticateSuccess", username));
 return true;
 }
 } else {
- if (credentials.equals(digest(rs1.getString(1), digest))) {
+ if (digest(credentials,digest).equals(dbCredentials)) {
 if (debug >= 2)
 log(sm.getString("jdbcRealm.authenticateSuccess", username));
 return true;
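Review bot: In the second hunk, `rs1.getString(1).trim()` now runs before the mode check, so a row whose password column is NULL throws a NullPointerException in digest mode as well as in plaintext mode. The enclosing method starts and ends outside the hunk, so it is not visible whether that surfaces as a clean authentication failure. Reading the value first and trimming only when present, `String dbCredentials = rs1.getString(1);` then `if (dbCredentials != null) dbCredentials = dbCredentials.trim();`, lets both `equals` calls simply return false for such a row. The stored secret is also compared with `String.equals`, which stops at the first differing character. Comparing the bytes with `MessageDigest.isEqual` avoids leaking match length through timing, and if `digest()` emits hex it is worth confirming that its letter case matches what is stored, since the comparison is case-sensitive.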