changelog.xml

markt Thu, 27 Jun 2013 13:03:10 -0700

Author: markt
Date: Thu Jun 27 20:02:46 2013
New Revision: 1497545

URL: http://svn.apache.org/r1497545
Log:
Fix regression in r1459346
Thanks to Brian Burch for spotting this and kkolinko for the fix.


Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1497538

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1497545&r1=1497544&r2=1497545&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java Thu Jun 
27 20:02:46 2013
@@ -1573,9 +1573,9 @@ public class JNDIRealm extends RealmBase
                     password = password.substring(5);
                     md.reset();
                     md.update(credentials.getBytes(Charset.defaultCharset()));
-                    byte[] decoded = Base64.decodeBase64(md.digest());
+                    byte[] encoded = Base64.encodeBase64(md.digest());
                     String digestedPassword =
-                            new String(decoded, B2CConverter.ISO_8859_1);
+                            new String(encoded, B2CConverter.ISO_8859_1);
                     validated = password.equals(digestedPassword);
                 }
             } else if (password.startsWith("{SSHA}")) {

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1497545&r1=1497544&r2=1497545&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Jun 27 20:02:46 2013
@@ -110,6 +110,12 @@
         where ServletRequest/ServletResponse are custom implementations.
         (violetagg)
       </fix>
+      <fix>
+        Correct a regression introduced in 7.0.39 (refactoring of base 64
+        encoding and decoding) that broke the JNDI Realm when
+        <code>userPassword</code> was set and passwords were hashed with MD5 or
+        SHA1. (markt/kkolinko)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Cluster">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1497545 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

Reply via email to