nacho 01/02/05 18:05:46
Modified: src/share/org/apache/tomcat/modules/aaa JDBCRealm.java
Log:
Bugzilla #307 & #407
Authentication failes using the JDBCRealm with Sybase ASE 11.9.2
for Linux BugRat Report#560
reported by: [EMAIL PROTECTED] (Allan Schweitz)
JDBCRealm: Call trim() on names and roles read
out of database BugRat Report#707
reported by [EMAIL PROTECTED] (Adam Rabung)
Revision Changes Path
1.3 +44 -37
jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- JDBCRealm.java 2001/02/04 22:08:24 1.2
+++ JDBCRealm.java 2001/02/06 02:05:46 1.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.2
2001/02/04 22:08:24 nacho Exp $
- * $Revision: 1.2 $
- * $Date: 2001/02/04 22:08:24 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.3
2001/02/06 02:05:46 nacho Exp $
+ * $Revision: 1.3 $
+ * $Date: 2001/02/06 02:05:46 $
*
* The Apache Software License, Version 1.1
*
@@ -76,8 +76,13 @@
/**
* Implmentation of <b>Realm</b> that works with any JDBC supported database.
- * See the JDBCRealm.howto for more details on how to set up the database and for
configuration options. TODO:
- * - Work on authentication with non-plaintext passwords
+ * See the JDBCRealm.howto for more details on how to set up the database and
+ * for configuration options.
+ *
+ *
+ * TODO: - Work on authentication with non-plaintext passwords
+ *
+ *
* @author Craig R. McClanahan
* @author Carson McDonald
* @author Ignacio J. Ortega
@@ -210,44 +215,48 @@
/**
* Set the column in the user role table that names a role
* @param roleNameCol The column name
- */
+ */
public void setRoleNameCol(String roleNameCol) {
this.roleNameCol = roleNameCol;
}
/**
* Gets the digest algorithm used for credentials in the database
- * could be the same that MessageDigest accepts vor algorithm and "No" that is
the Default
- * @return
- */
+ * could be the same that MessageDigest accepts vor algorithm and "No" that
+ * is the Default
+ * @return
+ */
public String getDigest() {
return digest;
}
/**
* Sets the digest algorithm used for credentials in the database
- * could be the same that MessageDigest accepts vor algorithm and "No" that is
the Default
+ * could be the same that MessageDigest accepts vor algorithm and "No"
+ * that is the Default
* @param algorithm the Encode type
- */
+ */
public void setDigest(String algorithm) {
digest = algorithm;
}
-
-/**
- * When connectOnInit is setted to "true" the JDBC connection is started at tomcat
init
- * if false the connection is started in the first times is needed.
- * @param s "true" or "false"
- */
- public void setConnectOnInit(String s) {
- connectOnInit = Boolean.valueOf(s).booleanValue();
+
+ /**
+ * When connectOnInit is true the JDBC connection is started at tomcat init
+ * if false the connection is started the first times it is needed.
+ * @param b
+ */
+ public void setConnectOnInit(boolean b) {
+ connectOnInit = b;
}
/**
* If there are any errors with the JDBC connection, executing
- * the query or anything we return false (don't authenticate). This event is
also logged.
+ * the query or anything we return false (don't authenticate). This event
+ * is also logged.
* If there is some SQL exception the connection is set to null.
* This will allow a retry on the next auth attempt. This might not
- * be the best thing to do but it will keep tomcat from needing a restart if
the database goes down.
+ * be the best thing to do but it will keep tomcat from needing a restart
+ * if the database goes down.
*
* @param username Username of the Principal to look up
* @param credentials Password or other credentials to use in authenticating
this username
@@ -322,7 +331,8 @@
(connectionPassword == null || connectionPassword.equals(""))) {
dbConnection = DriverManager.getConnection(connectionURL);
} else {
- dbConnection = DriverManager.getConnection(connectionURL,
connectionName, connectionPassword);
+ dbConnection = DriverManager.getConnection(connectionURL,
+ connectionName, connectionPassword);
}
JDBCstarted=true;
if (dbConnection == null || dbConnection.isClosed()) {
@@ -345,13 +355,14 @@
*
* @param username the user name
* @return the roles array
- */
+ */
public synchronized String[] getUserRoles(String username) {
try {
if (!checkConnection())
return null;
if (preparedRoles == null) {
- String sql = "SELECT " + roleNameCol + " FROM " + userRoleTable + "
WHERE " + userNameCol + " = ?";
+ String sql = "SELECT " + roleNameCol + " FROM " + userRoleTable
+ + " WHERE " + userNameCol + " = ?";
if (debug >= 1)
log("JDBCRealm.roles: " + sql);
preparedRoles = dbConnection.prepareStatement(sql);
@@ -422,12 +433,8 @@
}
}
-/**
- * Hook implementation
- * @param req
- * @param response
- * @return
- */
+ /** Authenticate hook implementation */
+
public int authenticate(Request req, Response response) {
String user = (String)req.getNote(userNote);
String password = (String)req.getNote(passwordNote);
@@ -439,7 +446,6 @@
req.setAuthType(ctx.getAuthMethod());
if (user != null) {
req.setRemoteUser(user);
- // req.setNote(reqRealmSignNote,this);
String userRoles[] = getUserRoles(user);
req.setUserRoles(userRoles);
return OK;
@@ -449,7 +455,8 @@
}
/**
- * Digest password using the algorithm especificied and convert the result to a
corresponding hex string.
+ * Digest password using the algorithm especificied and
+ * convert the result to a corresponding hex string.
* If exception, the plain credentials string is returned
* @param credentials Password or other credentials to use in authenticating
this username
* @param algorithm Algorithm used to do th digest
@@ -472,10 +479,10 @@
}
}
-/**
- * JDBCRealm can be used as a standalone tool for offline password digest
- * @param args
- */
+ /**
+ * JDBCRealm can be used as a standalone tool for offline password digest
+ * @param args
+ */
public static void main(String args[]) {
if (args.length >= 2) {
if (args[0].equalsIgnoreCase("-a")) {
@@ -487,7 +494,7 @@
}
}
- /** Called when the ContextManger is started */
+ /** Called when the ContextManager is started */
public void engineInit(ContextManager cm) throws TomcatException {
super.engineInit(cm);
init(cm);
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
