2013/6/27 Brian Burch <br...@pingtoo.com>: > I eventually got round to integration testing of 7.0.41 yesterday and was > baffled to find I couldn't logon! > > To cut a long debugging story short, revision 1491394 has a bug that was > introduced as part of the standardisation of our Base64 handling. I wasn't > sure whether I ought to open a new bug...
Your numbering is wrong, that revision is not ours. It was this one: http://svn.apache.org/viewvc?diff_format=l&view=revision&revision=1459346 > Here is the diff that works for me: > > > Index: java/org/apache/catalina/realm/JNDIRealm.java > =================================================================== > --- java/org/apache/catalina/realm/JNDIRealm.java (revision 1491394) > +++ java/org/apache/catalina/realm/JNDIRealm.java (working copy) > @@ -1573,9 +1573,10 @@ > password = password.substring(5); > md.reset(); > > md.update(credentials.getBytes(Charset.defaultCharset())); > - byte[] decoded = Base64.decodeBase64(md.digest()); > + byte[] digest = md.digest(); > + byte[] base64 = Base64.encodeBase64(digest); > String digestedPassword = > - new String(decoded, B2CConverter.ISO_8859_1); > + new String(base64, B2CConverter.ISO_8859_1); > validated = password.equals(digestedPassword); > } > } else if (password.startsWith("{SSHA}")) { > > In short, s/ decodeBase64 / encodeBase64 /. It is fun that {MD5}&{SHA} branch and {SSHA} branch there use different approaches there (encoding the user-supplied password vs. decoding the stored one). > > BTW. The code is identical in trunk, so this patch works there too. > > > Thinks... pity some of this stuff doesn't have some lightweight unit tests. > > Sorry to be a informal with this notification, but I thought timeliness was > more important than style! > Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
