Author: markt Date: Wed Mar 21 10:03:18 2012 New Revision: 1303339 URL: http://svn.apache.org/viewvc?rev=1303339&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52953 When using DIGEST auth, digests are always represented using lower case hex characters
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1303338 Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1303339&r1=1303338&r2=1303339&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java Wed Mar 21 10:03:18 2012 @@ -29,6 +29,7 @@ import java.security.NoSuchAlgorithmExce import java.security.Principal; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.Locale; import javax.servlet.http.HttpServletResponse; @@ -402,7 +403,8 @@ public abstract class RealmBase extends String qop, String realm, String md5a2) { - String md5a1 = getDigest(username, realm); + // In digest auth, digests are always lower case + String md5a1 = getDigest(username, realm).toLowerCase(Locale.ENGLISH); if (md5a1 == null) return null; String serverDigestValue; Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1303339&r1=1303338&r2=1303339&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Mar 21 10:03:18 2012 
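Review bot: The `.toLowerCase(Locale.ENGLISH)` call added in the second RealmBase.java hunk dereferences the result of `getDigest(username, realm)` before the `if (md5a1 == null) return null;` check that follows it, so that check can no longer catch a null digest. If getDigest can return null, as the retained check implies (its body is not visible here), a DIGEST request for such a user would end in a NullPointerException rather than a clean authentication failure. Test for null first and normalise afterwards: `String md5a1 = getDigest(username, realm);`, `if (md5a1 == null) return null;`, `md5a1 = md5a1.toLowerCase(Locale.ENGLISH);`. The enclosing method starts before the hunk and continues past it.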
@@ -122,6 +122,13 @@ consistent with similar methods across the code base and have it return the system class loader if no parent class loader is set. (markt) </scode> + <fix> + <bug>52953</bug>: Ensure users can authenticate when using DIGEST + authentication with digested passwords if the digested password is + stored using upper case hexadecimal characters since DIGEST + authentication expects digests to use lower case characters. Based on a + patch provided by Neale Rudd. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">