Hi,
   I have implemented the methods getPassword() and getPrincipal() in
JDBCRealm. Digest authentication works for me with these changes. One thing
that still doesn't work is if I have stored the password in encrypted form in
the database. I have doubts if this will always work in the scenario where
the password has been persisted using say SHA and the web authentication
utilises MD5. Will the responseDigest sent by the client and the one generated
at the server match?
Following are the changes I have made. I am new to this forum, can somebody
guide me on how these changes can be committed if approved? Thanks.

    /**
     * Return the password associated with the given principal's user name.
     */
    protected String getPassword(String username) {
        Connection dbConnection = null;
        String dbCredentials = null;
        try {
            // Ensure that we have an open database connection
            dbConnection = open();

            // Look up the user's credentials
            PreparedStatement stmt = credentials(dbConnection, username);
            ResultSet rs = stmt.executeQuery();
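            while (rs.next()) {
                // Guard against a NULL credentials column before trimming
                String value = rs.getString(1);
                if (value != null) {
                    dbCredentials = value.trim();
                }
            }
            rs.close();

            // Release the database connection we just used. An unknown user
            // leaves dbCredentials null, which is returned below.
            release(dbConnection);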

        } catch (SQLException e) {
            e.printStackTrace();
            // Log the problem for posterity
            log(sm.getString("jdbcRealm.exception"), e);

            // Close the connection so that it gets reopened next time
            if (dbConnection != null)
                close(dbConnection);

        }
        return (dbCredentials);
       // return (null); // earlier code
    }


    /**
     * Return the Principal associated with the given user name.
     */
    protected Principal getPrincipal(String username) {

        Connection dbConnection = null;
        GenericPrincipal principal = null;
        try {
            // Look up the stored credentials for this user
            String credentials = getPassword(username);
            // Ensure that we have an open database connection
            dbConnection = open();

            // Accumulate the user's roles
            ArrayList list = new ArrayList();
            PreparedStatement stmt = roles(dbConnection, username);
            ResultSet rs = stmt.executeQuery();
            while (rs.next()) {
                list.add(rs.getString(1).trim());
            }
            rs.close();
            dbConnection.commit();
            // Create and return a suitable Principal for this user
            principal = (new GenericPrincipal(this, username, credentials, list));

            // Release the database connection we just used
            release(dbConnection);


        } catch (SQLException e) {
            e.printStackTrace();
            // Log the problem for posterity
            log(sm.getString("jdbcRealm.exception"), e);

            // Close the connection so that it gets reopened next time
            if (dbConnection != null)
                close(dbConnection);

        }
        return (principal);
       // return (null); // earlier code
    }

----- Original Message -----
From: "Uddhav Shirname" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 11, 2003 7:07 PM
Subject: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns null)


> Hi,
>    I am unable to authenticate using digest authentication. I browsed
> through the code and found that getPassword() method in JDBCRealm returns
> null (hardcoded). I am using the following configuration. Am I missing
> something somewhere?
>   server.xml:
>   ----------
>       <Realm
>          className="org.apache.catalina.realm.JDBCRealm"
>          debug="99"
>          digest="MD5"
>          driverName="oracle.jdbc.driver.OracleDriver"
>          connectionURL="jdbc:oracle:thin:@lohgad:1521:dsoft"
>          connectionName="uddhav"
>          connectionPassword="uddhav"
>          userTable="tab_users"
>          userNameCol="user_name"
>          userCredCol="user_pass"
>          userRoleTable="tab_user_roles"
>          roleNameCol="role_name" />
>
>    web.xml:
>    ---------
> <login-config>
>         <auth-method>DIGEST</auth-method>
>         <realm-name>OnJava Application</realm-name>
>     </login-config>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

