Bug 55839

Summary: DataSourceRealm doesn't handle prefix on password digest
Product: Tomcat 7
Reporter: Steve Holmes <897ty8723tgribvjhbvjh847rt3487rt4_dfvkjdbv23lkdm23klm>
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: trunk   
Target Milestone: ---   
Hardware: PC   
OS: All   
Attachments: Entire class with additional check for prefix.

Description Steve Holmes 2013-12-03 16:30:00 UTC
Created attachment 31088
Entire class with additional check for prefix.

Similar to bug #37984 which provided a fix for JNDIRealm, DataSourceRealm should also remove prefixes of the form {SHA}, {MD5}, etc before comparing the digests.

The attached class (sorry - corporate firewall wouldn't allow me to create a patch) is suitable for my own needs (where the prefix is provided in lower case, so is compared case-insensitively), but I acknowledge that a fuller fix may be more appropriate, e.g. providing a helper method for removing known prefixes in RealmBase.
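
The prefix handling described in this report, as an added Java example that is not part of the original report and is not Tomcat's code: it strips a known `{SHA}` or `{MD5}` prefix case-insensitively before comparing digests. The class and method names are hypothetical, and it assumes the store holds hex-encoded digests of the UTF-8 password.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

public class DigestPrefixExample {
    // Prefixes handled by this sketch; the report names {SHA} and {MD5}.
    private static final String[] KNOWN_PREFIXES = {"{SHA}", "{MD5}"};

    // Returns the stored value without a leading known prefix (matched case-insensitively).
    static String stripKnownPrefix(String stored) {
        for (String prefix : KNOWN_PREFIXES) {
            if (stored.regionMatches(true, 0, prefix, 0, prefix.length())) {
                return stored.substring(prefix.length());
            }
        }
        return stored; // no known prefix: compare the value as stored
    }

    // Hex-encodes the digest of the presented password (assumption: hex digests in the store).
    static String hexDigest(String algorithm, String password) throws Exception {
        byte[] raw = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // A prefix that does not match the configured algorithm fails closed: the digests differ.
    static boolean matches(String algorithm, String presented, String stored) throws Exception {
        if (presented == null || stored == null) {
            return false;
        }
        byte[] expected = stripKnownPrefix(stored).toLowerCase(Locale.ROOT)
                .getBytes(StandardCharsets.US_ASCII);
        byte[] actual = hexDigest(algorithm, presented).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // no early exit on first mismatch
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: one SHA-1 digest stored bare and with a prefix in either case.
        String bare = hexDigest("SHA-1", "s3cret");
        System.out.println("bare:         " + matches("SHA-1", "s3cret", bare));
        System.out.println("{SHA} prefix: " + matches("SHA-1", "s3cret", "{SHA}" + bare));
        System.out.println("{sha} prefix: " + matches("SHA-1", "s3cret", "{sha}" + bare));
        System.out.println("wrong pass:   " + matches("SHA-1", "wrong", "{sha}" + bare));
    }
}
```
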

Comment 1 Mark Thomas 2013-12-05 16:14:20 UTC
I've added generic support for this to 8.0.x and 7.0.48 which will be included in 7.0.48 and 8.0.0-RC6 onwards. If you are able to test this just to make sure I didn't forget anything before those releases that would be great.