Martin Thanks for the reply. I already went through a similar page, but with no success.
Subsequent to your reply I kept trying and found that the reason was that I was not using org.apache.catalina.realm.RealmBase to create the digest, but rather java.security.MessageDigest. This seems to have caused some problem, since although the digest looked similar, it was not. Thanks for the help Regards, Rian -----Original Message----- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: 20 May 2006 15:56 To: Tomcat Users List Subject: Re: JDBCRealm authentication failing with MD5 Good Morning Rian- I would suggest having a look at and following all of the steps in the JDBC How to tutorial at http://tomcat.apache.org/tomcat-3.3-doc/JDBCRealm-howto.html the important item here is to exercise the basic functionality of generating a digested MD5 password which can be accomplished with command line java org.apache.tomcat.modules.aaa.RealmBase -a MD5 <password> where password is the plain text password to be digested Anyone else ?? Martin -- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. ----- Original Message ----- From: "Rian Brand" <[EMAIL PROTECTED]> To: <users@tomcat.apache.org> Sent: Saturday, May 20, 2006 9:01 AM Subject: JDBCRealm authentication failing with MD5 > Hi all > > > > I am trying to set up a security realm on Tomcat using JDBCRealm and MD5 > encryption. It works perfectly when using plain text, but it fails the > moment I switch to a MD5 digest. I have been through the documentation, > forums and FAQ's but I am afraid I can not resolve this on my own, so help > would be appreciated. > > > > When attempting to login, the logfile simply states: > > JDBCRealm[/asdf]: Username username1 NOT successfully authenticated > > > > I checked and when generating the MD5 with the command line it seems the > same. I have tried to play with the database character encoding, without > success. If this is the incorrect, please point it out. > > > > The relevant section of the context file is: > > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > > digest="MD5" > > driverName="org.gjt.mm.mysql.Driver" > > > connectionURL="jdbc:mysql://localhost:3306/mydb?user=myusername&password > =mypassword" > > userTable="authuser" userNameCol="uname" userCredCol="passwd" > > userRoleTable="user_roles" roleNameCol="role_name"/> > > > > In the web.xml, the relevant section is: > > <security-constraint> > > <display-name> Security Constraint</display-name> > > <web-resource-collection> > > <web-resource-name>Protected Area</web-resource-name> > > <!-- Define the context-relative URL(s) to be protected --> > > <url-pattern>*.htm</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <!-- Anyone with one of the listed roles may access this area --> > > <role-name>operations</role-name> > > </auth-constraint> > > </security-constraint> > > > > <!-- Default login configuration uses form-based authentication --> > > <login-config> > > <auth-method>FORM</auth-method> > > <realm-name>My Authentication Area</realm-name> > > <form-login-config> > > <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page> > > <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page> > > </form-login-config> > > </login-config> > > > > <!-- Security roles referenced by this web application --> > > <security-role> > > <role-name>operations</role-name> > > </security-role> > > > > The relevant part of the database schema is as follows: > > CREATE TABLE authuser ( > > id int(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, > > uname varchar(25) NOT NULL UNIQUE default '' > COMMENT 'Username', > > passwd varchar(32) NOT NULL default '' > COMMENT 'Encrypted password', > > INDEX FKIndexUserId (id) > > ) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Users table'; > > > > CREATE TABLE user_roles ( > > id int(4) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT COMMENT > 'Id', > > uname varchar(15) not null > COMMENT 'name, same as in Authuser table', > > role_name varchar(15) not null > COMMENT 'Role this user is allowed', > > CONSTRAINT CSconstraint FOREIGN KEY (uname) REFERENCES authuser(uname) > > ); > > ALTER TABLE user_roles ADD UNIQUE(uname, role_name); > > > > Finally, at the risk of making the mail too long, here is the relevant > parts > login.jsp: > > <form method="POST" action='<%= response.encodeURL("j_security_check") %>' > > > > <table cellspacing="0" cellpadding="0" align="center" width="700"> > > <tr> > > <td valign="top" class="main_table" > colspan="2"><br> > > <b class="blue"> Log into system </b> > > <hr align="left"> > > <br> > > <table cellspacing="0" cellpadding="0"> > > <tr> > > > <td> > <img src="Images/lock1.jpg" alt=""> > > > </td> > > <td> > > <table> > > <tr> > > <td > align="right" class="input_table_td">Username:</td> > > <td > class="input_table_td"><input type="text" name="j_username"></td> > > </tr> > > <tr> > > <td > align="right" class="input_table_td2">Password:</td> > > <td > class="input_table_td2"><input type="password" name="j_password"></td> > > </tr> > > <tr> > > <td > align="right"><input type="submit" value="Log In"></td> > > </tr> > > </table> > > </td> > > </tr> > > </table> > > </form> > > > > I am using: > > Tomcat 5.0 > > MySql 4.1.7nt > > JDK 1.4 > > > > Thank you in advance > > > > Rian > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
