This is my first patch to submit.  I'm sorry I don't have a diff file to 
go with it.

Anyway, when using Tomcat 3.2.1 JDBCRealm with Microsoft SQL Server, the 
credential check fails when the correct username and password are 
submitted by the user.  After Tomcat receives the credentials from the 
user, it queries the user table in the database for what the password 
should be for the username received from the browser.  When it compares 
the password from the browser to the one from the database, the 
comparison does not pass, even though the password is correct.

This is caused by the way SQL Server returns a string with trailing 
spaces for the password query. The problem occurs for column types of 
char or varchar as well.

The patch involves changing the following line from JDBCRealm.java

if (credentials.equals(rs1.getString(1))) {

to read as follows

if (credentials.equals(rs1.getString(1).trim())) {

This will trim the padded spaces from the password received from SQL 
Server before comparing it to the password submitted by the user, and 
the comparison will pass.

Thanks,
Larry
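
Review bot: the replacement line calls rs1.getString(1).trim() without a null check, so a row whose password column is NULL will now throw a NullPointerException, where the original credentials.equals(rs1.getString(1)) simply evaluated to false. Read the column into a local variable and treat null as a failed match before trimming. Also note that trim() removes leading as well as trailing whitespace, which is broader than the trailing padding described above: a stored password that begins with a space would be altered before the comparison. Stripping only trailing spaces would match the stated intent more closely. Finally, only the database value is normalized, so a password submitted with trailing spaces is compared untrimmed against a trimmed stored value; the behaviour for such passwords should be stated in a comment next to the comparison.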

