Bug 55839 - DataSourceRealm doesn't handle prefix on password digest
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
Version: trunk
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Reported: 2013-12-03 16:30 UTC by Steve Holmes
Modified: 2013-12-05 16:14 UTC

Attachments
Entire class with additional check for prefix. (18.68 KB, text/plain)
2013-12-03 16:30 UTC, Steve Holmes

Description Steve Holmes 2013-12-03 16:30:00 UTC
Created attachment 31088
Entire class with additional check for prefix.

Similar to bug #37984, which provided a fix for JNDIRealm, DataSourceRealm should also remove prefixes of the form {SHA}, {MD5}, etc. before comparing the digests.

The attached class (sorry - corporate firewall wouldn't allow me to create a patch) is suitable for my own needs (where the prefix is provided in lower case, so is compared case-insensitively), but I acknowledge that a fuller fix may be more appropriate, e.g. providing a helper method for removing known prefixes in RealmBase.
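
One way to handle the prefixed digests described in this report, as an added example that is neither the attached class nor Tomcat's code. It assumes the stored value is a hex-encoded digest optionally preceded by `{SHA}` or `{MD5}` in any letter case; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.Map;

public class PrefixedDigestCheck {
    // Scheme prefixes named in the report, mapped to JCA algorithm names.
    private static final Map<String, String> SCHEMES = Map.of("SHA", "SHA-1", "MD5", "MD5");

    // Hypothetical helper: does the submitted password match the stored, optionally prefixed, hex digest?
    static boolean matches(String submitted, String stored, String defaultAlgorithm)
            throws NoSuchAlgorithmException {
        if (submitted == null || stored == null) return false;
        String algorithm = defaultAlgorithm;
        String hex = stored.trim();
        if (hex.startsWith("{")) {
            int end = hex.indexOf('}');
            if (end < 0) return false;            // malformed prefix
            algorithm = SCHEMES.get(hex.substring(1, end).toUpperCase(Locale.ROOT));
            if (algorithm == null) return false;  // unknown scheme: fail closed
            hex = hex.substring(end + 1);         // compare only the digest part
        }
        byte[] expected = fromHex(hex);
        if (expected == null) return false;
        byte[] actual = MessageDigest.getInstance(algorithm)
                .digest(submitted.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    // Decodes hex of either letter case; returns null on odd length or a non-hex character.
    private static byte[] fromHex(String s) {
        if (s.length() % 2 != 0) return null;
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) return null;
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: SHA-1 of "password" in hex, with a lower-case prefix as in the report.
        String stored = "{sha}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
        System.out.println(matches("password", stored, "SHA-1"));              // prefixed value
        System.out.println(matches("password", stored.substring(5), "SHA-1")); // same digest, no prefix
        System.out.println(matches("wrong", stored, "SHA-1"));                 // different password
    }
}
```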
Comment 1 Mark Thomas 2013-12-05 16:14:20 UTC
I've added generic support for this to 8.0.x and 7.0.48, which will be included in 7.0.48 and 8.0.0-RC6 onwards. If you are able to test this, just to make sure I didn't forget anything before those releases, that would be great.