Hi,

I have implemented the methods getPassword() and getPrincipal() in JDBCRealm. Digest authentication works for me with these changes. One thing that still doesn't work is if I have stored the password in encrypted form in the database. I have doubts if this will always work in the scenario where the password has been persisted using say SHA and the web authentication utilises MD5. Will the responseDigest sent by the client and the one generated at the server match? Following are the changes I have made. I am new to this forum, can somebody guide me on how these changes can be committed if approved? Thanks.

    /**
     * Return the password associated with the given principal's user name.
     */
    protected String getPassword(String username) {

        Connection dbConnection = null;
        String dbCredentials = null;

        try {
            // Ensure that we have an open database connection
            dbConnection = open();

            // Look up the user's credentials
            PreparedStatement stmt = credentials(dbConnection, username);
            ResultSet rs = stmt.executeQuery();
            while (rs.next()) {
                dbCredentials = rs.getString(1).trim();
            }
            rs.close();

            // dbCredentials stays null if no row matched; fall through so the
            // connection is always released before returning
            // Release the database connection we just used
            release(dbConnection);
        } catch (SQLException e) {
            e.printStackTrace();
            // Log the problem for posterity
            log(sm.getString("jdbcRealm.exception"), e);

            // Close the connection so that it gets reopened next time
            if (dbConnection != null)
                close(dbConnection);
        }

        return (dbCredentials);
        // return (null); // earlier code
    }

    /**
     * Return the Principal associated with the given user name.
     */
    protected Principal getPrincipal(String username) {

        Connection dbConnection = null;
        GenericPrincipal principal = null;

        try {
            String credentials = getPassword(username);

            // Ensure that we have an open database connection
            dbConnection = open();

            // Accumulate the user's roles
            ArrayList list = new ArrayList();
            PreparedStatement stmt = roles(dbConnection, username);
            ResultSet rs = stmt.executeQuery();
            while (rs.next()) {
                list.add(rs.getString(1).trim());
            }
            rs.close();
            dbConnection.commit();

            // Create and return a suitable Principal for this user
            principal = (new GenericPrincipal(this, username, credentials, list));

            // Release the database connection we just used
            release(dbConnection);
        } catch (SQLException e) {
            e.printStackTrace();
            // Log the problem for posterity
            log(sm.getString("jdbcRealm.exception"), e);

            // Close the connection so that it gets reopened next time
            if (dbConnection != null)
                close(dbConnection);
        }

        return (principal);
        // return (null); // earlier code
    }

----- Original Message -----
From: "Uddhav Shirname" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 11, 2003 7:07 PM
Subject: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns null)

> Hi,
> I am unable to authenticate using digest authentication. I browsed
> through the code and found that getPassword() method in JDBCRealm returns
> null (hardcoded). I am using the following configuration. Am I missing
> something somewhere?
>
> server.xml:
> ----------
> <Realm
>     className="org.apache.catalina.realm.JDBCRealm"
>     debug="99"
>     digest="MD5"
>     driverName="oracle.jdbc.driver.OracleDriver"
>     connectionURL="jdbc:oracle:thin:@lohgad:1521:dsoft"
>     connectionName="uddhav"
>     connectionPassword="uddhav"
>     userTable="tab_users"
>     userNameCol="user_name"
>     userCredCol="user_pass"
>     userRoleTable="tab_user_roles"
>     roleNameCol="role_name" />
>
> web.xml:
> ---------
> <login-config>
>     <auth-method>DIGEST</auth-method>
>     <realm-name>OnJava Application</realm-name>
> </login-config>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
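
The question raised in the message above (a password persisted with SHA while the browser uses MD5 digest authentication) can be checked directly against the RFC 2617 formulas. The Java program below is an added example, not part of the original message or of Tomcat's code; the user name, password, nonce and URI are constructed sample values, and only the realm name is taken from the web.xml quoted in this thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestStorageDemo {

    // Lower-case hex digest of a string, the form RFC 2617 uses for H(...).
    static String hex(String algorithm, String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest(input.getBytes(StandardCharsets.ISO_8859_1))) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // HA1 as the client computes it: MD5(username ":" realm ":" secret).
    static String ha1(String user, String realm, String secret) throws NoSuchAlgorithmException {
        return hex("MD5", user + ":" + realm + ":" + secret);
    }

    // RFC 2617 request-digest without qop: MD5(HA1 ":" nonce ":" MD5(method ":" uri)).
    static String response(String ha1, String nonce, String method, String uri)
            throws NoSuchAlgorithmException {
        return hex("MD5", ha1 + ":" + nonce + ":" + hex("MD5", method + ":" + uri));
    }

    // Constant-time comparison of two hex digests.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII),
                                     b.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values; only the realm name comes from the web.xml in this thread.
        String user = "alice", realm = "OnJava Application", password = "s3cret";
        String nonce = "dcd98b7102dd2f0e", method = "GET", uri = "/app/index.jsp";
        // The browser always starts from the clear-text password the user typed.
        String fromClient = response(ha1(user, realm, password), nonce, method, uri);

        String storedClear = password;                   // column holds the clear text
        String storedHa1 = ha1(user, realm, password);   // column holds HA1 itself
        String storedSha = hex("SHA-1", password);       // column holds SHA-1(password)

        System.out.println("clear-text column matches: "
                + same(fromClient, response(ha1(user, realm, storedClear), nonce, method, uri)));
        System.out.println("HA1 column matches:        "
                + same(fromClient, response(storedHa1, nonce, method, uri)));
        // The server cannot invert SHA-1, so the best it can do is treat the hash as the secret.
        System.out.println("SHA-1 column matches:      "
                + same(fromClient, response(ha1(user, realm, storedSha), nonce, method, uri)));
    }
}
```

Only the clear-text and HA1 columns reproduce the client's value; a SHA-1 of the password alone cannot, because MD5(username:realm:password) cannot be derived from it.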