cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JDBCRealm.java

Tue, 10 Apr 2001 01:48:07 -0700 

nacho       01/04/10 02:06:49

  Modified:    catalina/src/share/org/apache/catalina/realm JDBCRealm.java
  Log:
  The digest should be called on credentials, not on what's
  picked up from the database.
  
  Reported by Bojan Smojver
  
  Revision  Changes    Path
  1.11      +5 -3      
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
  
  Index: JDBCRealm.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- JDBCRealm.java    2001/03/24 20:53:57     1.10
  +++ JDBCRealm.java    2001/04/10 09:06:49     1.11
  @@ -395,14 +395,16 @@
            ResultSet rs1 = preparedAuthenticate.executeQuery();
            boolean found = false;
            if (rs1.next()) {
  +                String dbCredentials=rs1.getString(1).trim();
                   if( digest.equals("") || digest.equalsIgnoreCase("No")){
  -                    if(credentials.equals(rs1.getString(1).trim())) {
  +                    if(credentials.equals(dbCredentials)) {
                           if(debug >= 2)
                               log(sm.getString("jdbcRealm.authenticateSuccess",
                                                username));
                           found = true;
  -                    }else if (credentials.equals(
  -                                Digest(rs1.getString(1).trim(),digest))) {
  +                    }
  +                } else{
  +                    if (Digest(credentials,digest).equals(dbCredentials)) {
                           if (debug >= 2)
                               log(sm.getString("jdbcRealm.authenticateSuccess",
                                        username));

Reply via email to