DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10623>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10623 JDBCRealm lacks one DB commit, preventing sucessfull authentication under certain circunstances [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Major |Normal OS/Version|Linux |All Priority|Other |Medium Summary|JDBCRealm with Digest stops |JDBCRealm lacks one DB |working after a while |commit, preventing | |sucessfull authentication | |under certain circunstances ------- Additional Comments From [EMAIL PROTECTED] 2002-07-11 02:03 ------- I've finnaly sorted it out. I couldn't reproduce the problem so it was very dificult do figure it out. It afects JBDCRealm regardless of using a digest or not. The problem is in org.apache.catalina.realm.JDBCRealm about line 402 in method "authenticate". The transaction is only commited if the credentials are validated, otherwise the method returns without commiting the database transactions and thus will be unaware of changes made to the database. If a user forgets its password and a new one is inserted into the database, he will never be able to login, unless someone else logs in, thus commiting the transaction and making the changes visible to JDBCRealm. Aparently tomcat uses two instances of JDBCRealm, so one has to insert a wrong password twice, and them update the password in the database, in order to reproduce the problem. This seems very easy to solve. Wope it can be fixed for the next tomcat release. Thanks. Keep up the excelent work. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
