I have no problems using SHA-1. I also use FORM based authentication. You might try those, just to see if anything's different.
> -----Original Message----- > From: ahmet dalli [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 27, 2002 3:15 AM > To: [EMAIL PROTECTED] > Subject: Tomcat Realms with Digested Passwords -Urgent- ( A > little longish...) > > > Hi all, > > I am trying to use JDBCRealm to store user login > information in an oracle database. I am working on a > Windows2000 machine, using jdk1.4, and Tomcat4.0.4. > > In server.xml, i have this configuration: > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > <Realm > className="org.apache.catalina.realm.JDBCRealm" > debug="99" > driverName="oracle.jdbc.driver.OracleDriver" > connectionURL="jdbc:oracle:thin:usr/pass@host:1521:ORCL" > userTable="users" userNameCol="user_name" > userCredCol="user_pass" userRoleTable="user_roles" > roleNameCol="role_name" digest="MD5" /> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > In an Oracle8i database, i have a table called "users" > which has two columns named "user_name" and > "user_pass" ; and yet another one called > "user_roles" with to columns named "user_name" and > "user_role". > > When i store user passwords in cleartext, everything > works fine. > > I want to store passwords in a digested form. So, i > have used the following code to store a user_name : > baris, user_pass : aksu and user_role : director. > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > import org.apache.catalina.realm.RealmBase; > import java.io.*; > import java.sql.*; > > public class DigestDene { > public static void main(String[] args) { > try { > String username = args[0]; > String password = args[1]; > String role = args[2]; > String digested = > RealmBase.Digest(password, "MD5"); > //Here, code that connects to the database > /* ...... */ > stmt.executeUpdate("insert into users values('" + > username + "', '" + digested + "')"); > stmt.executeUpdate("insert into user_roles values > ('" + username + "', '" + role + "')"); > } > catch(Exception ex) {} > } > } > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Then, i have inserted my user's info from the > command-line with : > ^^^^^^^^^^^^^^^^^^^^^^^^^^ > java DigestDene baris aksu director > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > After this, I have these values in the database : > (in table users) > USER_NAME USER_PASS > --------------- ------------------------ > baris 394e654ca65973f232653fb0008c603d > > (in table user_roles) > USER_NAME USER_ROLE > ------------------- --------- > baris director > > Lastly, in web.xml i have these lines : > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Basla Servlet > </web-resource-name> > <url-pattern>/servlet/IlkGirisServlet > </url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>director</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > </login-config> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > When i try to acces my protected resource, i am > presented with the classic login screen for BASIC > authentication, and after i type "baris" for username and > "aksu" for password, Tomcat doesn't simply let me in. > > Any suggestions or comments will be greatly > appreciated. > > Baris..... > > __________________________________________________ > Do You Yahoo!? > Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-> [EMAIL PROTECTED]> > For > additional commands, > e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>