Jason,

On 3/10/16 4:40 PM, Jason Overland wrote:
> Chris,
> 
> On Thu, Mar 10, 2016 at 6:18 AM, Christopher Schultz 
> <ch...@christopherschultz.net> wrote:
>> Give this patch a try: ... I have no idea how the options get
>> parsed; we'll see if this simple implementation will get you
>> going again.
>> 
>> -chris
>> 
> 
> The parsing is working correctly.  After applying the patch I
> could log in successfully.  Then I added digest=SHA to jaas.config
> and it stopped working ("wrong password").
> 
> On further inspection I found that our CallbackHandler was
> digesting the password before passing it back to the
> JAASMemoryModule, however CredentialHandler expects
> inputCredentials to be plaintext.  So I commented out the part of
> our CallbackHandler that digests the password and now it's working.
> That seems ok to me.

You could also just not specify the "digest=SHA" in your JAAS
configuration. My patch will always configure an otherwise-empty
MessageDigestCredentialHandler which, in the absence of any "digest"
being set, simply uses plaintext passwords. (Or, rather, the
CredentialHandler won't actually mutate the credentials on the way
through.)

> So I think this patch is sufficient to get us going again.  Thanks
> for the quick turnaround.  If this patch looks good to everyone, do
> you think it can make it into the next Tomcat patch release?

I see Mark already replied saying he would work on it a bit. My patch
was a quick POC to see if it would work and not, IMO,
production-quality, etc. But we should be able to do something for you
pretty quickly. And you should be able to use it in YOUR production
system right away if you'd like. The final patch will simply be more
robust, support more options, and likely cover cases outside what you
were requesting.

Sorry about the oversight in the MemoryRealm.

-chris
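
The mismatch discussed in this message, as an added example that is not part of the original thread and is not Tomcat's code: a simplified model of a credential handler that digests its input before comparing, fed first with plaintext and then with an already-digested password. The class and method names, the sample password, the use of SHA-1, and the assumption that the user store holds the digested password are all made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Simplified model of the double-digest mismatch; hypothetical names, not Tomcat code.
public class DoubleDigestDemo {

    // Hex-encoded digest of a string using the named algorithm.
    static String digest(String algorithm, String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] out = md.digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(out.length * 2);
        for (byte b : out) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Hypothetical stand-in for a digest-based credential handler: it expects
    // plaintext input, digests it, and compares the result with the stored value.
    // With no algorithm configured, the input passes through unchanged.
    static boolean matches(String algorithm, String inputCredentials, String stored)
            throws NoSuchAlgorithmException {
        String candidate = (algorithm == null)
                ? inputCredentials
                : digest(algorithm, inputCredentials);
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "s3cret-example";        // constructed sample value
        String stored = digest("SHA-1", password); // assumed: the store holds the digest

        // Callback handler returns plaintext: the handler digests once and matches.
        System.out.println("plaintext input, digest set:    " + matches("SHA-1", password, stored));

        // Callback handler pre-digests: the handler digests again and cannot match.
        String preDigested = digest("SHA-1", password);
        System.out.println("pre-digested input, digest set: " + matches("SHA-1", preDigested, stored));

        // Pre-digested input matches only when the handler has no digest configured.
        System.out.println("pre-digested input, no digest:  " + matches(null, preDigested, stored));
    }
}
```

Digest the password in exactly one place: either the callback handler or the credential handler, never both.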
