On 14/04/2020 07:34, Brian Burch wrote:

<snip/>

> I searched for usages of MessageDigestCredentialHandler.setAlgorithm,
> but only found it used once - within TestJNDIRealm. I did not find any
> occurrences within tomcat mainline code, but would not be surprised if
> the algorithm was intended to be set within code which used
> introspection at runtime.

Correct. During the parsing of server.xml.

> My initial code inspection makes me strongly suspect tomcat does not
> initialise JNDIRealm and a nested CredentialHandler properly during
> startup. However, I am not smart enough to attach my debugger to the
> tomcat jvm until it is too late.
> 
> I had a smart idea... at a breakpoint I changed the value of the
> algorithm instance variable from null to "SHA" before the comparison,
> but I was slapped down with the following Exception:-

If you had tried "SHA-1" here it should have worked.

> So, if anyone has read this far, perhaps you can suggest my next best
> course of action. Does this seem to be a bug in tomcat processing of
> server.xml and initialisation of the JNDIRealm nested CredentialHandler's
> algorithm attribute? Is there a smart way to catch the tc8 startup
> process and catch it early enough in my remote debugger?
> 
> Are the classes org.apache.catalina.storeconfig.RealmSF and
> CredentialHandlerSF where I should be looking for a bug?

No. That is to do with writing out server.xml. You can ignore them in
this context. If it were a Tomcat bug I'd start looking around
RealmRuleSet or CredentialHandlerRuleSet.

> Or perhaps I
> have just coded my server.xml badly and the algorithm is being silently
> ignored?

I'd expect you to see an error message if your server.xml isn't quite
right although that is what this looks like.

Mark

