DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9254>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9254 JDBCRealm leaves open Statements Summary: JDBCRealm leaves open Statements Product: Tomcat 4 Version: 4.0.3 Final Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Catalina:Modules AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The authenticate method in the JDBCRealm does not close the statements when it closes the result sets. This cause certain drivers to misbehave and throw an exception making the JDBCRealm unusable. please fix in 4.0.4! It would be proper to do the following: (look for '----->>' in two locations) public synchronized Principal authenticate(Connection dbConnection, String username, String credentials) throws SQLException { String dbCredentials = null; PreparedStatement stmt = credentials(dbConnection, username); ResultSet rs; for(rs = stmt.executeQuery(); rs.next();) dbCredentials = rs.getString(1).trim(); rs.close(); ----->> stmt.close(); if(dbCredentials == null) return null; boolean validated = false; if(hasMessageDigest()) validated = digest(credentials).equalsIgnoreCase(dbCredentials); else validated = digest(credentials).equals(dbCredentials); if(validated) { if(super.debug >= 2) log(sm.getString("jdbcRealm.authenticateSuccess", username)); } else { if(super.debug >= 2) log(sm.getString("jdbcRealm.authenticateFailure", username)); return null; } ArrayList list = new ArrayList(); stmt = roles(dbConnection, username); for(rs = stmt.executeQuery(); rs.next(); list.add(rs.getString(1).trim ())); rs.close(); ----->> stmt.close(); dbConnection.commit(); return new GenericPrincipal(this, username, credentials, list); } -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
