Hi,
Does JDBCRealm realm work for DIGEST authentication scheme(I have
passwords stored in cleartext form. JDBCRealm works with BASIC
authenctication scheme though)? I find the corresponding coding partially
implemented. IF it works for for someone, could you please guide me on how
you made it possible.
Thanks,
Uddhav
----- Original Message -----
From: "Uddhav Shirname" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Tuesday, March 11, 2003 7:53 PM
Subject: Re: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns
null)
> Hi,
> I have implemeted the methods getPassword() and getPrincipal() in
> JDBCRealm. Digest authentication works for me with these changes. One
thing
> that still doest work is if I have stored the password in encrypted form
in
> the database. I have doubts if this will always work in the scenario where
> the password has been persisted using say SHA and the web authentication
> utilises MD5. Will the responseDigest send by client and the one generated
> at the server match?
> Following are the chages I have made. I am new to this forum, can somebody
> guide me on how these changes can be committed if approved. Thanks.
>
> /**
> * Return the password associated with the given principal's user
name.
> */
> protected String getPassword(String username) {
> Connection dbConnection = null;
> String dbCredentials = null;
> try {
> // Ensure that we have an open database connection
> dbConnection = open();
>
> // Look up the user's credentials
> PreparedStatement stmt = credentials(dbConnection, username);
> ResultSet rs = stmt.executeQuery();
> while (rs.next()) {
> dbCredentials = rs.getString(1).trim();
> }
> rs.close();
> if (dbCredentials == null) {
> return (null);
> }
>
> // Release the database connection we just used
> release(dbConnection);
>
>
> } catch (SQLException e) {
> e.printStackTrace();
> // Log the problem for posterity
> log(sm.getString("jdbcRealm.exception"), e);
>
> // Close the connection so that it gets reopened next time
> if (dbConnection != null)
> close(dbConnection);
>
> }
> return (dbCredentials);
> // return (null); // earlier code
> }
>
>
> /**
> * Return the Principal associated with the given user name.
> */
> protected Principal getPrincipal(String username) {
>
> Connection dbConnection = null;
> GenericPrincipal principal = null;
> try {
> String credentials = getPassword(username);
> // Ensure that we have an open database connection
> dbConnection = open();
>
> // Accumulate the user's roles
> ArrayList list = new ArrayList();
> PreparedStatement stmt = roles(dbConnection, username);
> ResultSet rs = stmt.executeQuery();
> while (rs.next()) {
> list.add(rs.getString(1).trim());
> }
> rs.close();
> dbConnection.commit();
> // Create and return a suitable Principal for this user
> principal = (new GenericPrincipal(this, username, credentials,
> list));
>
> // Release the database connection we just used
> release(dbConnection);
>
>
> } catch (SQLException e) {
> e.printStackTrace();
> // Log the problem for posterity
> log(sm.getString("jdbcRealm.exception"), e);
>
> // Close the connection so that it gets reopened next time
> if (dbConnection != null)
> close(dbConnection);
>
> }
> return (principal);
> // return (null); // earlier code
> }
>
> ----- Original Message -----
> From: "Uddhav Shirname" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, March 11, 2003 7:07 PM
> Subject: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns
> null)
>
>
> > Hi,
> > I am unable to authenticate using digest authentication. I browsed
> > through the code and found that getPassword() method in JDBCRealm
returns
> > null (harcoded). I am using the following configuration. Am I missing
> > something somewhere?
> > server.xml:
> > ----------
> > <Realm
> > className="org.apache.catalina.realm.JDBCRealm"
> > debug="99"
> > digest="MD5"
> > driverName="oracle.jdbc.driver.OracleDriver"
> > connectionURL="jdbc:oracle:thin:@lohgad:1521:dsoft"
> > connectionName="uddhav"
> > connectionPassword="uddhav"
> > userTable="tab_users"
> > userNameCol="user_name"
> > userCredCol="user_pass"
> > userRoleTable="tab_user_roles"
> > roleNameCol="role_name" />
> >
> > web.xml:
> > ---------
> > <login-config>
> > <auth-method>DIGEST</auth-method>
> > <realm-name>OnJava Application</realm-name>
> > </login-config>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
