The problem lies in the use of digest="SHA-1" in the Realm configuration. I
modified the stored password by hashing it using SHA-1 as well as modifying
the attribute, but authentication fails.
Summarising:
I have the following configuration:
<Realm
className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/<databasename>?user=<username>&am
p;password=<userpassword>"
userTable="users"
userNameCol="id"
userCredCol="passwd"
userRoleTable="userroles"
roleNameCol="role"
digest="SHA-1"/>
....and the SHA-1 hash of <user name>:<realm name>:<password> stored in my
users table
...but I don't have authentication.
According to
http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardN
ames.html#MessageDigest,
....SHA-1 is a valid algorithm name, so I'm having some trouble spotting the
fault here.
It seems to be the encoding of the password as stored in the database as
Tomcat isn't throwing any exceptions or logging anything.
Cheers,
Etienne
Thank-you Konstantin...I think I was misled by some postings I read while
searching, that referred to specifying either hex or base64 in the realm
configuration.
This time, I left out the digestEncoding attribute altogether, reducing the
<Realm> tag in context.xml to the following:
<Realm
className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/<databasename>?user=<username>&am
p;password=<userpassword>"
userTable="users"
userNameCol="id"
userCredCol="passwd"
userRoleTable="userroles"
roleNameCol="role"
digest="MD5"/>
The purpose underlying the question was to authenticate against my MySQL
database. I was failing under the following conditions:
Password digested at browser using SHA-1
Password stored in table as base64-encoded SHA-1 digest
I succeeded under the following conditions:
Password digested at browser using MD5
Password stored in table as MD5 digest without encoding
Now I just need to find out which of the modifications fixed my fault.
Cheers,
Etienne
-----Original Message-----
From: Konstantin Kolinko [mailto:[email protected]]
Sent: 27 January 2011 11:56
To: Tomcat Users List; [email protected]
Subject: Re: Valid values for digestEncoding attribute?
2011/1/27 Ing. Etienne V. Depasquale <[email protected]>:
> Good day,
>
>
>
> I am unable to identify valid values for the digestEncoding attribute to
use
> with the <Realm> tag of my app's context.xml file.
>
> I've inspected RealmBase.java and JDBCRealm.java, apart from some
googling,
> without finding anything suitable.
http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/realm/RealmB
ase.html
says it is "The encoding charset for the digest." -- note the "charset" word
So "ISO-8859-1" might be good?
If not set (null) it defaults to the platform default charset.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
