I have a problem where the digest element is seemingly being ignored when I
move my web app from development to production. The application uses form based
security and works just fine in development.
Here are the details.
Dev - tomcat 5.5.17 in Netbeans 5.5.1
Prod - tomcat 5.5.15 - this is the only difference I can see at this point. But
there doesn't seem to be anything in changelogs indicating a problem relating
to digested passwords being fixed.
Here is my context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/TDAssetRegister">
<Realm className="org.apache.catalina.realm.DataSourceRealm"
dataSourceName="jdbc/TeraJDBC"
digest="SHA"
localDataSource="true"
roleNameCol="Role_ID"
userCredCol="User_Pwd"
userNameCol="User_ID"
userRoleTable="user_roles"
userTable="valid_users"/>
<Resource name="jdbc/TeraJDBC" auth="Container" type="javax.sql.DataSource"
maxActive="100" maxIdle="30" maxWait="10000"
username="assetRegister" password="pass"
driverClassName="com.ncr.teradata.TeraDriver"
url="jdbc:teradata://dbc/database=AssetRegisterDB"/>
</Context>
As mentioned this works in dev. I've tried messing with the case of the digest
element and value (e.g. sha, Sha, SHA etc) and also tried MD5. I've also tried
placing the digest in different parts of the Realm.
So how do I know it is being ignored as opposed to simply not working? I tried
pasting a SHA digested password into the password field and succesfully logged
in. Then I tried changing the content of my valid_users table so that the
password was simply set to "pass" then entered "pass" as my password - lo and
behold, succesful login.
The production system 5.5.15 is a default implementation. The one exception is
a change to process *.jspf files as jsp's.
I plan to update the prodn server to 5.5.17 to see if this will solve the
problem. Unfortunately, I can not do this for a few days as the system is being
used for some demo's.
I was hoping someone would say, yes I had that problem and upgrading fixed it,
or what you need to do is ...!
TIA
glennm
