I eventually got round to integration testing of 7.0.41 yesterday and
was baffled to find I couldn't logon!
To cut a long debugging story short, revision 1491394 has a bug that was
introduced as part of the standardisation of our Base64 handling. I
wasn't sure whether I ought to open a new bug...
Here is the diff that works for me:
Index: java/org/apache/catalina/realm/JNDIRealm.java
===================================================================
--- java/org/apache/catalina/realm/JNDIRealm.java (revision 1491394)
+++ java/org/apache/catalina/realm/JNDIRealm.java (working copy)
@@ -1573,9 +1573,10 @@
password = password.substring(5);
md.reset();
md.update(credentials.getBytes(Charset.defaultCharset()));
- byte[] decoded = Base64.decodeBase64(md.digest());
+ byte[] digest = md.digest();
+ byte[] base64 = Base64.encodeBase64(digest);
String digestedPassword =
- new String(decoded, B2CConverter.ISO_8859_1);
+ new String(base64, B2CConverter.ISO_8859_1);
validated = password.equals(digestedPassword);
}
} else if (password.startsWith("{SSHA}")) {
BTW. The code is identical in trunk, so this patch works there too.
Thinks... pity some of this stuff doesn't have some lightweight unit tests.
Sorry to be a informal with this notification, but I thought timeliness
was more important than style!
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
