Sorry for the delayed response. Once I comment out the CredentialHandler in context.xml, both in my app's context.xml and in the global context.xml, and add the realm to server.xml, CredentialHandler returns null once again.
________________________________
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: 5 November 2023, 18:16
To: users@tomcat.apache.org <users@tomcat.apache.org>
Subject: Re: Accessing Credential handler inside the web application always returns null

Азат,

On 10/31/23 13:53, Усманов Азат Анварович wrote:
> Hi everyone! CredentialHandler became not null as soon as I
> transferred the Realm definition from server.xml to context.xml (after
> checking the source code). I've been able to see the new pbkdf2
> version of the given clear text password even with the old 9.0.64
> version. I was wondering: is the necessity to have the realm defined
> inside context.xml for accessing CredentialHandler a design decision
> or a possible bug in Tomcat itself? It wasn't mentioned in the Tomcat
> documentation. Perhaps it should be added to the docs.

Hmm... it shouldn't matter if you define your <Realm> in server.xml or
in app/META-INF/context.xml.

Are you sure that was the only difference between working/not-working
configurations?

Thanks,
-chris

> ________________________________
> From: Усманов Азат Анварович <usma...@ieml.ru>
> Sent: 30 October 2023, 20:25
> To: users@tomcat.apache.org <users@tomcat.apache.org>
> Subject: RE: Accessing Credential handler inside the web application always returns null
>
> I did recheck using 9.0.82; unfortunately nothing has changed,
> CredentialHandler is still null.
> ________________________________
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: 30 October 2023, 18:52
> To: Tomcat Users List <users@tomcat.apache.org>; Усманов Азат Анварович <usma...@ieml.ru>
> Subject: Re: Accessing Credential handler inside the web application always returns null
>
> Азат,
>
> On 10/29/23 20:45, Усманов Азат Анварович wrote:
>> Hi everyone! I'm trying to test CredentialHandler functionality on our
>> test server (Tomcat 9.0.64) inside the web-app.
>> Our realm is defined as follows (excerpt from server.xml):
>>
>> <Realm className="org.apache.catalina.realm.DataSourceRealm"
>>        dataSourceName="jdbc/IEML_DB" roleNameCol="RoleName" userCredCol="PWD"
>>        userNameCol="UserName" userRoleTable="educ.ad_UserRoles"
>>        userTable="educ.ad_Users">
>>   <CredentialHandler
>>       className="org.apache.catalina.realm.NestedCredentialHandler">
>>     <CredentialHandler
>>         className="org.apache.catalina.realm.SecretKeyCredentialHandler"/>
>>     <CredentialHandler
>>         className="org.apache.catalina.realm.MessageDigestCredentialHandler"
>>         algorithm="MD5" />
>>   </CredentialHandler>
>> </Realm>
>>
>> Currently the pwd column, defined as Oracle (RAW), only stores md5 hashes. I was
>> hoping to upgrade to PBKDF2 using Tomcat, so here is the relevant part of the
>> basic login controller code (LoginCheckServlet):
>>
>> LoginCheckServlet
>>
>> protected void doGet(HttpServletRequest request, HttpServletResponse response)
>>         throws ServletException, IOException {
>>     ...
>>     String userName = request.getParameter("j_username");
>>     String password = request.getParameter("j_password");
>>     HttpSession session = request.getSession();
>>
>>     UserRecord user=... //load data from db
>>     if (user.checkCorrectPassword(password,session.getServletContext())) {
>>         CredentialHandler cr=Security.getCredentialHandler(getServletContext());
>>         System.out.println(cr.mutate(password)); // hoping to see my password displayed as pbkdf2 hash
>>
>>         .....
>> }
>>
>> Security.getCredentialHandler
>>
>> public static CredentialHandler getCredentialHandler(final ServletContext context) {
>>     System.out.println("context"+context); // prints contextorg.apache.catalina.core.ApplicationContextFacade@33f1f7c7
>>     System.out.println("context vs"+context.getMajorVersion()); // prints 4
>>     System.out.println("ATRIB"+context.getAttribute(Globals.CREDENTIAL_HANDLER)); // always prints ATRIB null
>>     return (CredentialHandler) context.getAttribute(Globals.CREDENTIAL_HANDLER);
>> }
>
> Your code and configuration look reasonable to me.
>
>> So basically it always returns null when trying to access the
>> CredentialHandler attribute inside the Security.getCredentialHandler
>> method. Any idea why that might be the case?
>
> Are you able to re-try with Tomcat 9.0.70 or later? There is a
> changelog[1] entry which may be important for you:
>
> "
> Fix: Improve the behavior of the credential handler attribute that is
> set in the Servlet context so that it actually reflects what is used
> during authentication. (remm)
> "
>
> There was a problem specifically with the NestedCredentialHandler, I
> think, which was not working as expected. 9.0.70 includes a fix that
> should improve things for you.
>
> -chris
>
>
> [1] https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.70_(remm)
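
The lookup and MD5-to-PBKDF2 upgrade discussed in this thread, as an added example that is not part of any message above and is not Tomcat's own code: it fails closed when the context attribute is null and rehashes a legacy credential after a successful match, without printing the hash. `CredentialStore` is a hypothetical persistence hook, and the `'$'` test for "already upgraded" is an assumption about the stored formats.

```java
import javax.servlet.ServletContext;          // Tomcat 9 (javax namespace)
import org.apache.catalina.CredentialHandler;
import org.apache.catalina.Globals;

public final class CredentialUpgrade {

    /** Hypothetical persistence hook for this example; not a Tomcat API. */
    public interface CredentialStore {
        String loadStored(String userName);
        void saveStored(String userName, String newStored);
    }

    private CredentialUpgrade() {}

    /** Returns the handler Tomcat published for this context, or fails closed. */
    public static CredentialHandler requireHandler(ServletContext context) {
        Object attr = context.getAttribute(Globals.CREDENTIAL_HANDLER);
        if (!(attr instanceof CredentialHandler)) {
            // The null case reported in the thread: refuse to authenticate
            // rather than fall back to an ad-hoc hash comparison or hit an NPE.
            throw new IllegalStateException(
                "No CredentialHandler published for context " + context.getContextPath());
        }
        return (CredentialHandler) attr;
    }

    /** Verifies the password and upgrades a legacy stored credential on success. */
    public static boolean verifyAndUpgrade(ServletContext context, CredentialStore store,
                                           String userName, String password) {
        CredentialHandler handler = requireHandler(context);
        String stored = store.loadStored(userName);
        if (stored == null || !handler.matches(password, stored)) {
            return false;
        }
        // Assumption: unsalted MD5 is stored as a bare hex digest, while the
        // PBKDF2 output is salt$iterations$hash, so a missing '$' marks a legacy row.
        if (stored.indexOf('$') < 0) {
            // With the NestedCredentialHandler from the thread, mutate() uses the
            // first nested handler (SecretKeyCredentialHandler).
            String upgraded = handler.mutate(password);
            if (upgraded != null) {
                store.saveStored(userName, upgraded);  // never log the credential
            }
        }
        return true;
    }
}
```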