RE: Accessing Credential handler inside the web application always returns null

[Усманов Азат Анварович]

Sorry for delayed response, Once I comment out the CredentialHandler in context 
xml both in my app's context.xml and in global context.xml, and add realm to 
server.xml. CredentialHandler returns null once again.
________________________________
От: Christopher Schultz <ch...@christopherschultz.net>
Отправлено: 5 ноября 2023 г. 18:16
Кому: users@tomcat.apache.org <users@tomcat.apache.org>
Тема: Re: Accessing Credential handler inside the web application always 
returns null

Азат,

On 10/31/23 13:53, Усманов Азат Анварович wrote:
> Hi everyone! CredentialHandler became not null, as soon as I
> transferred Realm definition from server.xml to context.xml(after
> checking the source code) .I've been able to see the new pbkdf2
> version of the given clear text password even with old  9.0.64
> version. I was wondering is the necessity to have realm defined
> inside context. xml for accessing CredentialHandler a design decision
> or a possible  bug in tomcat itself?. It wasn't mentioned in tomcat
> documentation. Perhaps it should be added in the docs.
Hmm... it shouldn't matter if you define your <Realm> in server.xml or
in app/META-INF/context.xml. Are you sure that was the only difference
between working/not-working configurations?

Thanks,
-chris

> ________________________________
> От: Усманов Азат Анварович <usma...@ieml.ru>
> Отправлено: 30 октября 2023 г. 20:25
> Кому: users@tomcat.apache.org <users@tomcat.apache.org>
> Тема: RE: Accessing Credential handler inside the web application always 
> returns null
>
> I did recheck using 9.0.82, unfortunately nothing has changed 
> CredentialHandler is still null
> ________________________________
> От: Christopher Schultz <ch...@christopherschultz.net>
> Отправлено: 30 октября 2023 г. 18:52
> Кому: Tomcat Users List <users@tomcat.apache.org>; Усманов Азат Анварович 
> <usma...@ieml.ru>
> Тема: Re: Accessing Credential handler inside the web application always 
> returns null
>
> Азат,
>
> On 10/29/23 20:45, Усманов Азат Анварович wrote:
>> Hi everyone!I'm trying to test CredentialHandeler functionality on    our 
>> test server (Tomcat 9.0.64) inside the web-app
>> I Our realm is defined as follows( excerpt from server.xml
>> )
>>       <Realm className="org.apache.catalina.realm.DataSourceRealm" 
>> dataSourceName="jdbc/IEML_DB" roleNameCol="RoleName" userCredCol="PWD" 
>> userNameCol="UserName" userRoleTable="educ.ad_UserRoles" 
>> userTable="educ.ad_Users">
>>      <CredentialHandler 
>> className="org.apache.catalina.realm.NestedCredentialHandler">
>> <CredentialHandler  
>> className="org.apache.catalina.realm.SecretKeyCredentialHandler"/>
>>    <CredentialHandler 
>> className="org.apache.catalina.realm.MessageDigestCredentialHandler" 
>> algorithm="MD5" />
>>    </CredentialHandler>
>>      </Realm>
>> Currently pwd  column defined as  Oracle (RAW) only stores md5 hashes, I was 
>> hoping to upgrade to PBKDF2 using tomcat ?so  here is the relevant part 
>> basic  login  controller code  (LoginCheckServlet)
>> LoginCheckServlet
>>
>>       protected void doGet(HttpServletRequest request, HttpServletResponse 
>> response) throws ServletException, IOException {
>> ...
>>       String userName = request.getParameter("j_username");
>>             String password = request.getParameter("j_password");
>>       HttpSession session = request.getSession();
>>             
>>                     UserRecord user=... //load data from db
>>                         if 
>> (user.checkCorrectPassword(password,session.getServletContext())) {
>>                               CredentialHandler 
>> cr=Security.getCredentialHandler(getServletContext());
>>                               System.out.println(cr.mutate(password));// 
>> hoping to see my password displayed as pbkdf2 hash
>>
>> .....
>> }
>>
>> Security.getCredentialHandler
>>
>>       public static CredentialHandler getCredentialHandler(final 
>> ServletContext context) {
>>             System.out.println("context"+context) ;// prints 
>> contextorg.apache.catalina.core.ApplicationContextFacade@33f1f7c7
>>             System.out.println("context vs"+context.getMajorVersion()); // 
>> prints 4
>>             
>> System.out.println("ATRIB"+context.getAttribute(Globals.CREDENTIAL_HANDLER));//always
>>   prints ATRIB null
>>             return (CredentialHandler) 
>> context.getAttribute(Globals.CREDENTIAL_HANDLER);
>>             }
>
> Your code and configuration looks reasonable to me.
>
>> So basically it always  return null  when trying to access
>> CredentialHandler attribute inside Security.getCredentialHandler
>> method,Any idea why it might be the case ?
> Are you able to re-try with Tomcat 9.0.70 or later? There is a
> changelog[1] entry which may be important for you:
>
> "
> Fix: Improve the behavior of the credential handler attribute that is
> set in the Servlet context so that it actually reflects what is used
> during authentication. (remm)
> "
>
> There was a problem specifically with the NestedCredentialHandler, I
> think, which was not working as expected. 9.0.70 includes a fix that
> should improve things for you.
>
> -chris
>
>
> [1]
> https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.70_(remm)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org