It seems that this issue was addressed in past questions to the list:

http://mail-archives.apache.org/mod_mbox/tomcat-users/200503.mbox/%3C4241A94d.5040...@cox.net%3E

Sure enough, when I reversed the saved password back to the MD5 hash, Tomcat
authenticated my login, regardless of the SHA-1 attribute set in my <Realm>
tag's digest attribute.

Is this one application for programmatic authenticators as opposed to the
default that ships with Tomcat?


Cheers,

Etienne


The problem lies in the use of digest="SHA-1" in the Realm configuration. I
modified the stored password by hashing it using SHA-1 as well as modifying
the attribute, but authentication fails.

Summarising:

I have the following configuration:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost:3306/<databasename>?user=<username>&amp;password=<userpassword>"
       userTable="users"
       userNameCol="id"
       userCredCol="passwd"
       userRoleTable="userroles"
       roleNameCol="role"
       digest="SHA-1"/>



...and the SHA-1 hash of <user name>:<realm name>:<password> stored in my
users table

...but I don't have authentication.


According to
http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#MessageDigest,

...SHA-1 is a valid algorithm name, so I'm having some trouble spotting the
fault here.

It seems to be the encoding of the password as stored in the database as
Tomcat isn't throwing any exceptions or logging anything.


Cheers,


Etienne




Thank you, Konstantin... I think I was misled by some postings I read while
searching, which referred to specifying either hex or base64 in the realm
configuration.

This time, I left out the digestEncoding attribute altogether, reducing the
<Realm> tag in context.xml to the following:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost:3306/<databasename>?user=<username>&amp;password=<userpassword>"
       userTable="users"
       userNameCol="id"
       userCredCol="passwd"
       userRoleTable="userroles"
       roleNameCol="role"
       digest="MD5"/>

The purpose underlying the question was to authenticate against my MySQL
database. I was failing under the following conditions:

Password digested at browser using SHA-1
Password stored in table as base64-encoded SHA-1 digest


I succeeded under the following conditions:

Password digested at browser using MD5
Password stored in table as MD5 digest without encoding


Now I just need to find out which of the modifications fixed my fault.


Cheers,

Etienne
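
As an added example (not code from this thread or from Tomcat), the Python below shows what credential form a Tomcat realm compares against in each of the two cases summarised above, and why Konstantin's point about the digestEncoding charset matters. It assumes, as RealmBase does, that the realm hex-encodes its digest and that HTTP DIGEST authentication works from the MD5 of user:realm:password; the username, realm and password in the usage note are constructed sample values.

```python
import base64
import hashlib
import re


def _digest(value: str, algorithm: str, charset: str) -> bytes:
    # Encode with the digestEncoding charset, then hash with the JCA-named algorithm ("SHA-1", "MD5").
    return hashlib.new(algorithm.replace("-", "").lower(), value.encode(charset)).digest()


def realm_digest(value: str, algorithm: str, charset: str = "ISO-8859-1") -> str:
    """What a realm with digest=<algorithm> compares against: the digest of the
    charset-encoded string as lowercase hex, which is what RealmBase produces
    (assumption of this example: it never compares a base64 form)."""
    return _digest(value, algorithm, charset).hex()


def digest_auth_credential(username: str, realm: str, password: str) -> str:
    """Stored value expected for HTTP DIGEST authentication: hex MD5 of
    user:realm:password, fixed by the DIGEST scheme whatever the digest attribute says."""
    return realm_digest(f"{username}:{realm}:{password}", "MD5")


def base64_digest(value: str, algorithm: str, charset: str = "ISO-8859-1") -> str:
    """The form first stored in the thread: the raw digest, base64-encoded."""
    return base64.b64encode(_digest(value, algorithm, charset)).decode("ascii")


def credential_form(stored: str, algorithm: str) -> str:
    """Classify a stored credential as 'hex', 'base64' or 'unknown' from whether it
    has the hex length, or decodes to the raw length, of the algorithm's digest."""
    size = len(_digest("", algorithm, "ascii"))
    if len(stored) == 2 * size and re.fullmatch(r"[0-9a-fA-F]+", stored):
        return "hex"
    try:
        if len(base64.b64decode(stored, validate=True)) == size:
            return "base64"
    except ValueError:  # binascii.Error is a ValueError subclass
        pass
    return "unknown"


def charset_sensitive(password: str, algorithm: str = "MD5") -> bool:
    """True when ISO-8859-1 and UTF-8 yield different digests, i.e. when the
    digestEncoding must match the charset the stored hashes were created with."""
    return realm_digest(password, algorithm, "ISO-8859-1") != realm_digest(password, algorithm, "UTF-8")
```

With the constructed values ("etienne", "Example Realm", "s3cret"), credential_form(base64_digest("etienne:Example Realm:s3cret", "SHA-1"), "SHA-1") returns "base64", a string that can never equal the hex value the realm computes, while digest_auth_credential(...) classifies as "hex" and is the MD5 form that succeeded. charset_sensitive("pässword") is True, so a stored hash created under UTF-8 will not verify under the platform default if that is ISO-8859-1.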


-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: 27 January 2011 11:56
To: Tomcat Users List; ed...@ieee.org
Subject: Re: Valid values for digestEncoding attribute?

2011/1/27 Ing. Etienne V. Depasquale <ed...@ieee.org>:
> Good day,
>
> I am unable to identify valid values for the digestEncoding attribute to use
> with the <Realm> tag of my app's context.xml file.
>
> I've inspected RealmBase.java and JDBCRealm.java, apart from some googling,
> without finding anything suitable.

http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/realm/RealmBase.html
says it is "The encoding charset for the digest." -- note the "charset" word

So "ISO-8859-1" might be good?
If not set (null) it defaults to the platform default charset.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


