nacho 01/04/10 02:06:49
Modified: catalina/src/share/org/apache/catalina/realm JDBCRealm.java
Log:
The digest should be called on credentials, not on what's
picked up from the database.
Reported by Bojan Smojver
Revision Changes Path
1.11 +5 -3
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- JDBCRealm.java 2001/03/24 20:53:57 1.10
+++ JDBCRealm.java 2001/04/10 09:06:49 1.11
@@ -395,14 +395,16 @@
ResultSet rs1 = preparedAuthenticate.executeQuery();
boolean found = false;
if (rs1.next()) {
+ String dbCredentials=rs1.getString(1).trim();
if( digest.equals("") || digest.equalsIgnoreCase("No")){
- if(credentials.equals(rs1.getString(1).trim())) {
+ if(credentials.equals(dbCredentials)) {
if(debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess",
username));
found = true;
- }else if (credentials.equals(
- Digest(rs1.getString(1).trim(),digest))) {
+ }
+ } else{
+ if (Digest(credentials,digest).equals(dbCredentials)) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess",
username));