In filing bug report #602 ( JDBCRealm and jakarta-tomcat-4.0-m5 ), the patch
I pasted didn't seem to make it into the report, so here it is again, just
in case. My apologies if this ends up duplicating the bug submission :)
On a semi-related note, I went through and modified the 3.2 version of
JDBCRealm to store the passwords in the database hashed, in a slightly
different way ( of course before I found the same functionality in 4.0 ). I
know someone else mentioned this in searching through the mailing list
archives, would it be Ok to submit a patch that allows 3.2.x JDBCRealm to
handle this in the same way that jakarta-tomcat-4.0-m5 does for 'forward'
compatibility?
--- JDBCRealm.java Fri Dec 15 00:47:41 2000
+++ JDBCRealm-rev.java Fri Dec 15 16:27:52 2000
@@ -225,7 +225,7 @@
*
*/
- private String digest="No";
+ private String digest="";
// -------------------------------------------------------------
Properties
@@ -467,8 +467,8 @@
preparedAuthenticate.setString(1, username);
ResultSet rs1 = preparedAuthenticate.executeQuery();
boolean found = false;
- if (rs1.next()) {
- if (digest.equals("No")){
+ if (rs1.next()) {
+ if (digest.equals("") || digest.equalsIgnoreCase("No")){
if (credentials.equals(rs1.getString(1))) {
if (debug >= 2)
log(sm.getString("jdbcRealm.authenticateSuccess",
@@ -721,7 +721,15 @@
try {
Class.forName(driverName);
- dbConnection = DriverManager.getConnection(connectionURL);
+ if ((connectionName == null || connectionName.equals("")) &&
+ (connectionPassword == null || connectionPassword.equals("")))
{
+ dbConnection =
DriverManager.getConnection(connectionURL);
+ } else {
+ dbConnection =
DriverManager.getConnection(connectionURL,
+
connectionName,
+
connectionPassword);
+ }
+
} catch( ClassNotFoundException ex ) {
throw new LifecycleException("JDBCRealm.start.readXml: " + ex, ex);
}
