Bug 55839 - DataSourceRealm doesn't handle prefix on password digest
DataSourceRealm doesn't handle prefix on password digest
Status: RESOLVED FIXED
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
trunk
PC All
: P2 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2013-12-03 16:30 UTC by Steve Holmes
Modified: 2013-12-05 16:14 UTC (History)
0 users



Attachments
Entire class with additional check for prefix. (18.68 KB, text/plain)
2013-12-03 16:30 UTC, Steve Holmes
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Steve Holmes 2013-12-03 16:30:00 UTC
Created attachment 31088 [details]
Entire class with additional check for prefix.

Similar to bug #37984 which provided a fix for JNDIRealm, DataSourceRealm should also remove prefixes of the form {SHA}, {MD5}, etc before comparing the digests.

The attached class(sorry - corporate firewall wouldn't allow me to create a patch) is suitable for my own needs (where the prefix is provided in lower case, so is compared case-insensitively), but I acknowledge that a fuller fix may be more appropriate, e.g. providing a helper method for removing known prefixes in RealmBase.
Comment 1 Mark Thomas 2013-12-05 16:14:20 UTC
I've added generic support for this to 8.0.x and 7.0.48 which will be included in 7.0.48 and 8.0.0-RC6 onwards. If you are able to test this just to make sure I didn't forget anything before those releases that would be great.