markt 2004/11/23 15:14:09 Modified: catalina/src/share/org/apache/catalina/realm DataSourceRealm.java webapps/docs changelog.xml realm-howto.xml Log: Add support for DIGEST authentication to the DataSourceRealm Revision Changes Path 1.11 +139 -63 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java Index: DataSourceRealm.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- DataSourceRealm.java 29 Oct 2004 13:22:47 -0000 1.10 +++ DataSourceRealm.java 23 Nov 2004 23:14:09 -0000 1.11 
@@ -326,73 +326,39 @@ * @param username Username of the Principal to look up * @param credentials Password or other credentials to use in * authenticating this username - * - * @exception SQLException if a database error occurs */ protected Principal authenticate(Connection dbConnection, String username, - String credentials) - throws SQLException { + String credentials) { - ResultSet rs = null; - PreparedStatement stmt = null; - ArrayList list = null; + // No user - can't possibly authenticate + if (username == null) { + return (null); + } - try { - // Look up the user's credentials - String dbCredentials = null; - stmt = credentials(dbConnection, username); - rs = stmt.executeQuery(); - if (rs.next()) { - dbCredentials = rs.getString(1); - } - rs.close(); - rs = null; - stmt.close(); - stmt = null; - if (dbCredentials == null) { - return (null); - } - dbCredentials = dbCredentials.trim(); - - // Validate the user's credentials - boolean validated = false; - if (hasMessageDigest()) { - // Hex hashes should be compared case-insensitive - validated = (digest(credentials).equalsIgnoreCase(dbCredentials)); - } else - validated = (digest(credentials).equals(dbCredentials)); - - if (validated) { - if (container.getLogger().isTraceEnabled()) - container.getLogger().trace(sm.getString("dataSourceRealm.authenticateSuccess", - username)); - } else { - if (container.getLogger().isDebugEnabled()) - container.getLogger().trace(sm.getString("dataSourceRealm.authenticateFailure", - username)); - return (null); - } - - // Accumulate the user's roles - list = new ArrayList(); - stmt = roles(dbConnection, username); - rs = stmt.executeQuery(); - while (rs.next()) { - String role = rs.getString(1); - if(role != null) { - list.add(role.trim()); - } - } - } finally { - if (rs != null) { - rs.close(); - } - if (stmt != null) { - stmt.close(); - } + String dbCredentials = getPassword(username); + + // Validate the user's credentials + boolean validated = false; + if (hasMessageDigest()) 
{ + // Hex hashes should be compared case-insensitive + validated = (digest(credentials).equalsIgnoreCase(dbCredentials)); + } else + validated = (digest(credentials).equals(dbCredentials)); + + if (validated) { + if (container.getLogger().isTraceEnabled()) + container.getLogger().trace(sm.getString("dataSourceRealm.authenticateSuccess", + username)); + } else { + if (container.getLogger().isDebugEnabled()) + container.getLogger().trace(sm.getString("dataSourceRealm.authenticateFailure", + username)); + return (null); } + ArrayList list = getRoles(username); + // Create and return a suitable Principal for this user return (new GenericPrincipal(this, username, credentials, list)); @@ -484,8 +450,65 @@ */ protected String getPassword(String username) { - return (null); + ResultSet rs = null; + PreparedStatement stmt = null; + ArrayList list = null; + Connection dbConnection = null; + + // Ensure that we have an open database connection + dbConnection = open(); + if (dbConnection == null) { + return null; + } + + try { + // Look up the user's credentials + String dbCredentials = null; + stmt = credentials(dbConnection, username); + rs = stmt.executeQuery(); + if (rs.next()) { + dbCredentials = rs.getString(1); + } + rs.close(); + rs = null; + stmt.close(); + stmt = null; + if (dbCredentials == null) { + return (null); + } + dbCredentials = dbCredentials.trim(); + return (dbCredentials); + + } catch(SQLException e) { + container.getLogger().error(sm + .getString("datasourceRealm.getPassword.exception", + username)); + } finally { + try { + if (rs != null) { + rs.close(); + } + if (stmt != null) { + stmt.close(); + } + if( !dbConnection.getAutoCommit() ) { + dbConnection.commit(); + } + } catch (SQLException e) { + container.getLogger().error(sm + .getString("datasourceRealm.getPassword.exception", + username)); + + } + // Release the database connection we just used + close(dbConnection); + dbConnection = null; + + } + + return (null); + } 
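Review bot: The `dbConnection` argument of `authenticate` is no longer used on the new side: `getPassword(username)` and `getRoles(username)` each call `open()` themselves, so one login takes up to two further connections on top of the one the caller passed in, which makes the pool easier to exhaust during a burst of login attempts. Both helpers return `null` on a database error, so an outage is now logged as `dataSourceRealm.authenticateFailure`, the same as a wrong password. A `null` from `getRoles` after a successful comparison is handed straight to `GenericPrincipal`; I would add `if (list == null) return (null);` before the principal is built, or document why a principal without roles is acceptable. The failure branch guards with `isDebugEnabled()` but logs with `trace(...)`, carried over from the old code. The javadoc opening and the closing brace of `authenticate` lie outside this hunk.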
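Review bot: Both `catch (SQLException e)` blocks in `getPassword` drop the exception: `error(...)` receives only the localized message, so the SQL state and stack trace that would explain an authentication outage never reach the log. Pass the throwable too, e.g. `container.getLogger().error(sm.getString("datasourceRealm.getPassword.exception", username), e);` (assuming the logger has the usual message-plus-throwable overload); the same applies to the two catch blocks of `getRoles` in the next hunk. The new keys are spelled `datasourceRealm.…` while the existing ones in `authenticate` are `dataSourceRealm.…`, and the commit's file list shows no resource-bundle change, so it is worth confirming that both new keys resolve. In the `finally`, `rs.close()`, `stmt.close()` and `commit()` share one `try`, so a failure in the first skips the others, and the local `ArrayList list` is never used.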
@@ -494,12 +517,65 @@ */ protected Principal getPrincipal(String username) { - return (null); + return (new GenericPrincipal(this, + username, + getPassword(username), + getRoles(username))); } + /** + * Return the roles associated with the gven user name. + */ + protected ArrayList getRoles(String username) { + + ResultSet rs = null; + PreparedStatement stmt = null; + Connection dbConnection = null; + + // Ensure that we have an open database connection + dbConnection = open(); + if (dbConnection == null) { + return null; + } + try { + // Accumulate the user's roles + ArrayList list = new ArrayList(); + stmt = roles(dbConnection, username); + rs = stmt.executeQuery(); + while (rs.next()) { + String role = rs.getString(1); + if (role != null) { + list.add(role.trim()); + } + } + + return (list); + } catch(SQLException e) { + container.getLogger().error(sm + .getString("datasourceRealm.getRoles.exception", + username)); + } finally { + try { + if (rs != null) { + rs.close(); + } + if (stmt != null) { + stmt.close(); + } + } catch(SQLException e) { + container.getLogger().error(sm + .getString("datasourceRealm.getRoles.exception", + username)); + } + } + + return (null); + } + + /** * Return a PreparedStatement configured to perform the SELECT required * to retrieve user roles for the specified username. 1.181 +1 -1 jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.180 retrieving revision 1.181 diff -u -r1.180 -r1.181 --- changelog.xml 22 Nov 2004 22:42:29 -0000 1.180 +++ changelog.xml 23 Nov 2004 23:14:09 -0000 1.181 
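Review bot: `getRoles` never releases the connection it obtains from `open()`: its `finally` closes only `rs` and `stmt`, whereas `getPassword` ends its `finally` with `close(dbConnection);`. Since `authenticate` and `getPrincipal` both call `getRoles`, each login would leave one connection checked out, and once the pool is drained `open()` presumably fails and every authentication with it. Add `close(dbConnection);` after the inner try/catch in the `finally`, and mirror the `if( !dbConnection.getAutoCommit() ) { dbConnection.commit(); }` step from `getPassword` if the roles query needs it. Separately, `getPrincipal` builds a `GenericPrincipal` even when `getPassword` returned `null` (unknown user or database error); a javadoc sentence stating how callers must treat a null password would help, and the new javadoc has the typo `gven`.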
@@ -48,7 +48,7 @@ <bug>32282</bug>: Modify Windows Uninstaller to only remove webapps/ROOT and webapps if user asks to remove everything. (yoavs) </update> <update> - Add DIGEST authentication support to the JDBC realm. Supports both digested and cleartext passwords. (markt) + Add DIGEST authentication support to the JDBC & DataSource realms. Supports both digested and cleartext passwords. (markt) </update> </changelog> </subsection> 1.23 +0 -3 jakarta-tomcat-catalina/webapps/docs/realm-howto.xml Index: realm-howto.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/realm-howto.xml,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- realm-howto.xml 22 Nov 2004 22:42:30 -0000 1.22 +++ realm-howto.xml 23 Nov 2004 23:14:09 -0000 1.23 @@ -479,9 +479,6 @@ in the <em>users</em> table).</li> <li>Role name of a valid role associated with this user.</li> </ul></li> -<li>Please note that the DataSourceRealm currently does not support DIGEST - authentication (as opposed to BASIC authentication). It does support - digested passwords as explained here.</li> </ul> <h3>Quick Start</h3>