Hi Baris,

I tried:
java -classpath CATALINA_HOME/server/lib/catalina.jar
org.apache.catalina.realm.RealmBase -a MD5 aksu

And got:
aksu:394e654ca65973f232653fb0008c603d

So that seems to be working correctly.  You may want to try changing
<auth-method>BASIC</auth-method> to
<auth-method>DIGEST</auth-method>.  Since the browser is getting the
password, you want it to be digested before it goes out on the net for
security, unless you are using SSL.  Then it gets encrypted anyway and
digesting just protects your passwords from observation on the server side.
This might require you to turn off digest in the realm.

You can also increase the debug level in the realm and see what the log
files say.

Hope this helps,

Rick



----- Original Message -----
From: "ahmet dalli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 27, 2002 3:14 AM
Subject: Tomcat Realms with Digested Passwords -Urgent- ( A little
longish...)


> Hi all,
>
> I am trying to use JDBCRealm to store user login
> information in an oracle database. I am working on a
> Windows2000 machine, using jdk1.4, and Tomcat4.0.4.
>
> In server.xml, I have this configuration:
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> <Realm
> className="org.apache.catalina.realm.JDBCRealm"
>   debug="99"
>   driverName="oracle.jdbc.driver.OracleDriver"
> connectionURL="jdbc:oracle:thin:usr/pass@host:1521:ORCL"
>   userTable="users" userNameCol="user_name"
>   userCredCol="user_pass" userRoleTable="user_roles"
>   roleNameCol="role_name" digest="MD5" />
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> In an Oracle8i database, I have a table called "users"
> which has two columns named "user_name" and
> "user_pass"; and yet another one called
> "user_roles" with two columns named "user_name" and
> "user_role".
>
> When I store user passwords in cleartext, everything
> works fine.
>
> I want to store passwords in a digested form. So, I
> have used the following code to store a user_name :
> baris, user_pass : aksu and user_role : director.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> import org.apache.catalina.realm.RealmBase;
> import java.io.*;
> import java.sql.*;
>
> public class DigestDene {
>   public static void main(String[] args) {
>    try {
>     String username = args[0];
>     String password = args[1];
>     String role = args[2];
>     String digested =
>             RealmBase.Digest(password, "MD5");
>  //Here, code that connects to the database
>   /* ...... */
>     stmt.executeUpdate("insert into users values('" +
>      username + "', '" + digested + "')");
>     stmt.executeUpdate("insert into user_roles values " +
>        "('" + username + "', '" + role + "')");
>    }
>    catch(Exception ex) {
>     // Report failures instead of silently discarding them
>     ex.printStackTrace();
>    }
>    }
> }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Then, I have inserted my user's info from the
> command-line with :
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
> java DigestDene baris aksu director
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> After this, I have these values in the database :
> (in table users)
>  USER_NAME                USER_PASS
> --------------- ------------------------
> baris            394e654ca65973f232653fb0008c603d
>
> (in table user_roles)
> USER_NAME           USER_ROLE
> ------------------- ---------
> baris               director
>
> Lastly, in web.xml i have these lines :
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> <security-constraint>
>     <web-resource-collection>
>      <web-resource-name>Protected Basla Servlet
>      </web-resource-name>
>      <url-pattern>/servlet/IlkGirisServlet
>      </url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>      <role-name>director</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>      <transport-guarantee>NONE</transport-guarantee>
>   </user-data-constraint>
>  </security-constraint>
>  <login-config>
>   <auth-method>BASIC</auth-method>
>   </login-config>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> When I try to access my protected resource, I am
> presented with the classic login screen for BASIC
> authentication, and after I type "baris" for username
> and "aksu" for password, Tomcat doesn't simply let me
> in.
>
> Any suggestions or comments will be greatly
> appreciated.
>
> Baris.....
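
An added example, not part of the thread and not Tomcat code: a standalone Java check that recomputes the lowercase hex MD5 digest in the form the command above prints and classifies a stored user_pass value against the typed password. The class name DigestCheck, the result labels and the sample column values are assumptions constructed for illustration, and it uses java.security.MessageDigest instead of RealmBase so it runs without catalina.jar.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example: compares a stored credential with the digest of the typed password.
public class DigestCheck {

    // Lowercase hex digest of the password, the form shown in the thread.
    static String hexDigest(String password, String algorithm)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] raw = md.digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Classifies the stored column value. The categories are assumed
    // candidate causes to rule out, not a diagnosis taken from the thread.
    static String diagnose(String stored, String typed, String algorithm)
            throws NoSuchAlgorithmException {
        if (stored == null) return "NO_ROW";
        String expected = hexDigest(typed, algorithm);
        if (stored.equals(expected)) return "MATCH";
        if (stored.trim().equals(expected)) return "PADDED";   // e.g. fixed-width column
        if (stored.equalsIgnoreCase(expected)) return "CASE_DIFFERS";
        if (stored.equals(typed)) return "CLEARTEXT_STORED";
        return "MISMATCH";
    }

    public static void main(String[] args) throws Exception {
        String typed = "aksu";                       // password used in the thread
        String good = hexDigest(typed, "MD5");
        // Constructed sample column values, not read from a real database.
        String[] samples = { good, good + "   ", good.toUpperCase(), typed, "deadbeef" };
        for (String stored : samples) {
            System.out.println("[" + stored + "] -> " + diagnose(stored, typed, "MD5"));
        }
    }
}
```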


