markt 2004/11/23 15:14:09
Modified: catalina/src/share/org/apache/catalina/realm
DataSourceRealm.java
webapps/docs changelog.xml realm-howto.xml
Log:
Add support for DIGEST authentication to the DataSourceRealm
Revision Changes Path
1.11 +139 -63
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java
Index: DataSourceRealm.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- DataSourceRealm.java 29 Oct 2004 13:22:47 -0000 1.10
+++ DataSourceRealm.java 23 Nov 2004 23:14:09 -0000 1.11
@@ -326,73 +326,39 @@
* @param username Username of the Principal to look up
* @param credentials Password or other credentials to use in
* authenticating this username
- *
- * @exception SQLException if a database error occurs
*/
protected Principal authenticate(Connection dbConnection,
String username,
- String credentials)
- throws SQLException {
+ String credentials) {
- ResultSet rs = null;
- PreparedStatement stmt = null;
- ArrayList list = null;
+ // No user - can't possibly authenticate
+ if (username == null) {
+ return (null);
+ }
- try {
- // Look up the user's credentials
- String dbCredentials = null;
- stmt = credentials(dbConnection, username);
- rs = stmt.executeQuery();
- if (rs.next()) {
- dbCredentials = rs.getString(1);
- }
- rs.close();
- rs = null;
- stmt.close();
- stmt = null;
- if (dbCredentials == null) {
- return (null);
- }
- dbCredentials = dbCredentials.trim();
-
- // Validate the user's credentials
- boolean validated = false;
- if (hasMessageDigest()) {
- // Hex hashes should be compared case-insensitive
- validated =
(digest(credentials).equalsIgnoreCase(dbCredentials));
- } else
- validated = (digest(credentials).equals(dbCredentials));
-
- if (validated) {
- if (container.getLogger().isTraceEnabled())
-
container.getLogger().trace(sm.getString("dataSourceRealm.authenticateSuccess",
- username));
- } else {
- if (container.getLogger().isDebugEnabled())
-
container.getLogger().trace(sm.getString("dataSourceRealm.authenticateFailure",
- username));
- return (null);
- }
-
- // Accumulate the user's roles
- list = new ArrayList();
- stmt = roles(dbConnection, username);
- rs = stmt.executeQuery();
- while (rs.next()) {
- String role = rs.getString(1);
- if(role != null) {
- list.add(role.trim());
- }
- }
- } finally {
- if (rs != null) {
- rs.close();
- }
- if (stmt != null) {
- stmt.close();
- }
+ String dbCredentials = getPassword(username);
+
+ // Validate the user's credentials
+ boolean validated = false;
+ if (hasMessageDigest()) {
+ // Hex hashes should be compared case-insensitive
+ validated =
(digest(credentials).equalsIgnoreCase(dbCredentials));
+ } else
+ validated = (digest(credentials).equals(dbCredentials));
+
+ if (validated) {
+ if (container.getLogger().isTraceEnabled())
+
container.getLogger().trace(sm.getString("dataSourceRealm.authenticateSuccess",
+ username));
+ } else {
+ if (container.getLogger().isDebugEnabled())
+
container.getLogger().trace(sm.getString("dataSourceRealm.authenticateFailure",
+ username));
+ return (null);
}
+ ArrayList list = getRoles(username);
+
// Create and return a suitable Principal for this user
return (new GenericPrincipal(this, username, credentials, list));
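Review bot: A failed role lookup no longer fails the login in authenticate(). `getRoles(username)` returns null when `open()` yields no connection or the query throws (see the getRoles hunk), and that null goes straight into `new GenericPrincipal(this, username, credentials, list)`, whereas revision 1.10 let the SQLException propagate. How GenericPrincipal treats a null list is not visible here, so I would fail closed with `if (list == null) { return (null); }` right after the `getRoles` call. The `dbConnection` parameter is also unused now, while getPassword and getRoles each call `open()` themselves, so one login holds the caller's connection and borrows two more; either pass the connection through or document why it is ignored. The start of authenticate() and its closing brace are outside this hunk.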
@@ -484,8 +450,65 @@
*/
protected String getPassword(String username) {
- return (null);
+ ResultSet rs = null;
+ PreparedStatement stmt = null;
+ ArrayList list = null;
+ Connection dbConnection = null;
+
+ // Ensure that we have an open database connection
+ dbConnection = open();
+ if (dbConnection == null) {
+ return null;
+ }
+
+ try {
+ // Look up the user's credentials
+ String dbCredentials = null;
+ stmt = credentials(dbConnection, username);
+ rs = stmt.executeQuery();
+ if (rs.next()) {
+ dbCredentials = rs.getString(1);
+ }
+ rs.close();
+ rs = null;
+ stmt.close();
+ stmt = null;
+ if (dbCredentials == null) {
+ return (null);
+ }
+ dbCredentials = dbCredentials.trim();
+ return (dbCredentials);
+
+ } catch(SQLException e) {
+ container.getLogger().error(sm
+ .getString("datasourceRealm.getPassword.exception",
+ username));
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+ if (stmt != null) {
+ stmt.close();
+ }
+ if( !dbConnection.getAutoCommit() ) {
+ dbConnection.commit();
+ }
+ } catch (SQLException e) {
+ container.getLogger().error(sm
+ .getString("datasourceRealm.getPassword.exception",
+ username));
+
+ }
+ // Release the database connection we just used
+ close(dbConnection);
+ dbConnection = null;
+
+ }
+
+ return (null);
+
}
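Review bot: Both `catch (SQLException e)` blocks in getPassword log only a message and drop `e`, so a failed credential lookup leaves no cause in the log; pass it through, e.g. `container.getLogger().error(sm.getString("datasourceRealm.getPassword.exception", username), e);`. The key is spelled `datasourceRealm.` here while the keys used in authenticate() are `dataSourceRealm.`, and the commit's file list shows no change to a strings resource, so unless the key already exists the lookup will probably miss. The local `ArrayList list = null;` is never used and can be removed. Since a database error and an unknown user both return null, a short comment on the method saying so would help callers such as getPrincipal().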
@@ -494,12 +517,65 @@
*/
protected Principal getPrincipal(String username) {
- return (null);
+ return (new GenericPrincipal(this,
+ username,
+ getPassword(username),
+ getRoles(username)));
}
+ /**
+ * Return the roles associated with the gven user name.
+ */
+ protected ArrayList getRoles(String username) {
+
+ ResultSet rs = null;
+ PreparedStatement stmt = null;
+ Connection dbConnection = null;
+
+ // Ensure that we have an open database connection
+ dbConnection = open();
+ if (dbConnection == null) {
+ return null;
+ }
+ try {
+ // Accumulate the user's roles
+ ArrayList list = new ArrayList();
+ stmt = roles(dbConnection, username);
+ rs = stmt.executeQuery();
+ while (rs.next()) {
+ String role = rs.getString(1);
+ if (role != null) {
+ list.add(role.trim());
+ }
+ }
+
+ return (list);
+ } catch(SQLException e) {
+ container.getLogger().error(sm
+ .getString("datasourceRealm.getRoles.exception",
+ username));
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+ if (stmt != null) {
+ stmt.close();
+ }
+ } catch(SQLException e) {
+ container.getLogger().error(sm
+ .getString("datasourceRealm.getRoles.exception",
+ username));
+ }
+ }
+
+ return (null);
+ }
+
+
/**
* Return a PreparedStatement configured to perform the SELECT required
* to retrieve user roles for the specified username.
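Review bot: getRoles() never releases the connection it obtains from `open()`. Its `finally` closes `rs` and `stmt` but, unlike getPassword(), has no `close(dbConnection);`, so every authenticate() and getPrincipal() call leaves a connection checked out of the DataSource. Add `close(dbConnection);` after the inner try/catch in the `finally`, plus the `getAutoCommit()`/`commit()` step from getPassword() if it is needed here too. Separately, getPrincipal() builds a GenericPrincipal even when `getPassword(username)` returns null for an unknown user or a database error; returning null in that case looks safer, though how callers use the result is not visible in this diff. The new Javadoc also has a typo, "gven" for "given".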
1.181 +1 -1 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -r1.180 -r1.181
--- changelog.xml 22 Nov 2004 22:42:29 -0000 1.180
+++ changelog.xml 23 Nov 2004 23:14:09 -0000 1.181
@@ -48,7 +48,7 @@
<bug>32282</bug>: Modify Windows Uninstaller to only remove
webapps/ROOT and webapps if user asks to remove everything. (yoavs)
</update>
<update>
- Add DIGEST authentication support to the JDBC realm. Supports both
digested and cleartext passwords. (markt)
+ Add DIGEST authentication support to the JDBC & DataSource realms.
Supports both digested and cleartext passwords. (markt)
</update>
</changelog>
</subsection>
1.23 +0 -3 jakarta-tomcat-catalina/webapps/docs/realm-howto.xml
Index: realm-howto.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/realm-howto.xml,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- realm-howto.xml 22 Nov 2004 22:42:30 -0000 1.22
+++ realm-howto.xml 23 Nov 2004 23:14:09 -0000 1.23
@@ -479,9 +479,6 @@
in the <em>users</em> table).</li>
<li>Role name of a valid role associated with this user.</li>
</ul></li>
-<li>Please note that the DataSourceRealm currently does not support DIGEST
- authentication (as opposed to BASIC authentication). It does support
- digested passwords as explained here.</li>
</ul>
<h3>Quick Start</h3>