Hi, Does JDBCRealm realm work for DIGEST authentication scheme(I have passwords stored in cleartext form. JDBCRealm works with BASIC authenctication scheme though)? I find the corresponding coding partially implemented. IF it works for for someone, could you please guide me on how you made it possible.
Thanks, Uddhav ----- Original Message ----- From: "Uddhav Shirname" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Tuesday, March 11, 2003 7:53 PM Subject: Re: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns null) > Hi, > I have implemeted the methods getPassword() and getPrincipal() in > JDBCRealm. Digest authentication works for me with these changes. One thing > that still doest work is if I have stored the password in encrypted form in > the database. I have doubts if this will always work in the scenario where > the password has been persisted using say SHA and the web authentication > utilises MD5. Will the responseDigest send by client and the one generated > at the server match? > Following are the chages I have made. I am new to this forum, can somebody > guide me on how these changes can be committed if approved. Thanks. > > /** > * Return the password associated with the given principal's user name. > */ > protected String getPassword(String username) { > Connection dbConnection = null; > String dbCredentials = null; > try { > // Ensure that we have an open database connection > dbConnection = open(); > > // Look up the user's credentials > PreparedStatement stmt = credentials(dbConnection, username); > ResultSet rs = stmt.executeQuery(); > while (rs.next()) { > dbCredentials = rs.getString(1).trim(); > } > rs.close(); > if (dbCredentials == null) { > return (null); > } > > // Release the database connection we just used > release(dbConnection); > > > } catch (SQLException e) { > e.printStackTrace(); > // Log the problem for posterity > log(sm.getString("jdbcRealm.exception"), e); > > // Close the connection so that it gets reopened next time > if (dbConnection != null) > close(dbConnection); > > } > return (dbCredentials); > // return (null); // earlier code > } > > > /** > * Return the Principal associated with the given user name. > */ > protected Principal getPrincipal(String username) { > > Connection dbConnection = null; > GenericPrincipal principal = null; > try { > String credentials = getPassword(username); > // Ensure that we have an open database connection > dbConnection = open(); > > // Accumulate the user's roles > ArrayList list = new ArrayList(); > PreparedStatement stmt = roles(dbConnection, username); > ResultSet rs = stmt.executeQuery(); > while (rs.next()) { > list.add(rs.getString(1).trim()); > } > rs.close(); > dbConnection.commit(); > // Create and return a suitable Principal for this user > principal = (new GenericPrincipal(this, username, credentials, > list)); > > // Release the database connection we just used > release(dbConnection); > > > } catch (SQLException e) { > e.printStackTrace(); > // Log the problem for posterity > log(sm.getString("jdbcRealm.exception"), e); > > // Close the connection so that it gets reopened next time > if (dbConnection != null) > close(dbConnection); > > } > return (principal); > // return (null); // earlier code > } > > ----- Original Message ----- > From: "Uddhav Shirname" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, March 11, 2003 7:07 PM > Subject: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns > null) > > > > Hi, > > I am unable to authenticate using digest authentication. I browsed > > through the code and found that getPassword() method in JDBCRealm returns > > null (harcoded). I am using the following configuration. Am I missing > > something somewhere? > > server.xml: > > ---------- > > <Realm > > className="org.apache.catalina.realm.JDBCRealm" > > debug="99" > > digest="MD5" > > driverName="oracle.jdbc.driver.OracleDriver" > > connectionURL="jdbc:oracle:thin:@lohgad:1521:dsoft" > > connectionName="uddhav" > > connectionPassword="uddhav" > > userTable="tab_users" > > userNameCol="user_name" > > userCredCol="user_pass" > > userRoleTable="tab_user_roles" > > roleNameCol="role_name" /> > > > > web.xml: > > --------- > > <login-config> > > <auth-method>DIGEST</auth-method> > > <realm-name>OnJava Application</realm-name> > > </login-config> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]