tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <br...@PingToo.com>
Subject Tomcat 7.0.41 JNDIRealm revision 1491394
Date Thu, 27 Jun 2013 17:34:25 GMT
I eventually got round to integration testing of 7.0.41 yesterday and 
was baffled to find I couldn't logon!

To cut a long debugging story short, revision 1491394 has a bug that was 
introduced as part of the standardisation of our Base64 handling. I 
wasn't sure whether I ought to open a new bug...

Here is the diff that works for me:


Index: java/org/apache/catalina/realm/JNDIRealm.java
===================================================================
--- java/org/apache/catalina/realm/JNDIRealm.java	(revision 1491394)
+++ java/org/apache/catalina/realm/JNDIRealm.java	(working copy)
@@ -1573,9 +1573,10 @@
                      password = password.substring(5);
                      md.reset();
 
md.update(credentials.getBytes(Charset.defaultCharset()));
-                    byte[] decoded = Base64.decodeBase64(md.digest());
+                    byte[] digest = md.digest();
+                    byte[] base64 = Base64.encodeBase64(digest);
                      String digestedPassword =
-                            new String(decoded, B2CConverter.ISO_8859_1);
+                            new String(base64, B2CConverter.ISO_8859_1);
                      validated = password.equals(digestedPassword);
                  }
              } else if (password.startsWith("{SSHA}")) {



BTW. The code is identical in trunk, so this patch works there too.


Thinks... pity some of this stuff doesn't have some lightweight unit tests.

Sorry to be a informal with this notification, but I thought timeliness 
was more important than style!

Brian

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message