unable to login to second application because of password digest issues

Sun, 14 Dec 2008 14:56:23 -0800 

Hi.  I added a second application, but am unable to login to it because of 
password digest issues.  Stepping into RealmBase.java this is what I find:

When I log in to the primary application (under ROOT) the password is 
"test1111" and the password saved in the database is the sha1 which is 
"a743f6004188c384dbf566c0811ca0c978e07a9b".

In JDBCRealm.digest, which is called by authenticate, there is a line

                return (HexUtils.convert(md.digest()));

Incidentally, the second call to md.digest() returns a new result, although 
there is a call to md.reset() at the start of the try block.

When I put HexUtils.convert(md.digest()) into the debug watch, I get

HexUtils.convert(md.digest())   "a743f6004188c384dbf566c0811ca0c978e07a9b"      
String  

This matches what's in the database.  Of course when I let the debugger 
continue the login fails because the code itself calls md.digest which returns 
a new result.

So if I did not add that expression to the watch window, the login would work.  
And this is the case.

Now onto my second application.  The login is also "test1111", although the 
username, table name, and column names are different.

However, When I put HexUtils.convert(md.digest()) into the debug watch, I get

HexUtils.convert(md.digest())   "5fd0b97a45856c5581c1022c2e59ea00670e1040"      
String  

This does not match the value in the database, so the login fails.

In fact, if I don't add any breakpoints and let the code run, the login fails, 
and my guess is that's because digest returns the wrong value.  By contrast, 
for the ROOT application, digest returns the right value and the login succeeds 
-- as long as there are no breakpoints and watch variables.

Incidentally, in both cases, the next call to HexUtils.convert(md.digest()) 
yields

HexUtils.convert(md.digest())   "da39a3ee5e6b4b0d3255bfef95601890afd80709"      
String  
HexUtils.convert(md.digest())   "da39a3ee5e6b4b0d3255bfef95601890afd80709"      
String  

And the value remains the same even for the next call to 
HexUtils.convert(md.digest()).

Strange problem.

Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to