From a52c39a698c68fa04789629a79c45ad1f882e627 Mon Sep 17 00:00:00 2001
From: ulrich
Date: Tue, 19 May 2020 10:23:09 +0000
Subject: [PATCH] Stile des Rollen-Dialogs verfeinert

---
 src/java/de/uhilger/um/TomcatDigester.java |   64 +++++++++++++++++++++++++++++---
 1 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/src/java/de/uhilger/um/TomcatDigester.java b/src/java/de/uhilger/um/TomcatDigester.java
index dae60e8..75108a2 100644
--- a/src/java/de/uhilger/um/TomcatDigester.java
+++ b/src/java/de/uhilger/um/TomcatDigester.java
@@ -1,21 +1,73 @@
 /*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
+ *  Nutzerverwaltung - User and role management in your browser
+ *  Copyright (C) 2011-2016 Ulrich Hilger, http://uhilger.de
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see http://www.gnu.org/licenses/
  */
+
 package de.uhilger.um;
 
-import org.apache.catalina.realm.RealmBase;
+import java.security.NoSuchAlgorithmException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.apache.catalina.realm.MessageDigestCredentialHandler;
 
 /**
+ * Ein Digester für die Nutzerverwaltung, der die Klasse 
+ * RealmBase von Tomcat zum Verschlüsseln nutzt
  *
- * @author ulli
+ * @author Copyright (c) Ulrich Hilger, http://uhilger.de
+ * @author Published under the terms and conditions of the
+ * <a href="http://www.gnu.org/licenses/agpl-3.0" target="_blank">GNU Affero
+ * General Public License</a>
+ *
+ * @version 2, December 27, 2016
  */
 public class TomcatDigester implements Digester {
 
   @Override
   public String digest(String text, String algorithm, String encoding) {
-    return RealmBase.Digest(text, algorithm, encoding);
+    /*
+    Die Methode RealmBase.Digest ist mit dem Hinweis 'unused' ab 
+    Tomcat 9 entfernt worden. Das, obwohl die Tomcat-eigene Dokumentation
+    diese Methode ausdruecklich nennt, vgl. "Digested Passwords"
+    auf http://tomcat.apache.org/tomcat-10.0-doc/realm-howto.html
+    
+    Als Ersatz wird der MessageDigestCredentialHandler verwendet
+    */
+    //return RealmBase.Digest(text, algorithm, encoding);
+    //return text;
+    MessageDigestCredentialHandler mh = new MessageDigestCredentialHandler();
+    try {
+      mh.setAlgorithm(algorithm);
+    } catch (NoSuchAlgorithmException ex) {
+      Logger.getLogger(TomcatDigester.class.getName()).log(Level.SEVERE, null, ex);
+    }
+    mh.setEncoding(encoding);
+    return mh.mutate(text);
+  }
+
+  @Override
+  public boolean matches(String inputCredentials, String storedCredentials, String algorithm, String encoding) {
+    MessageDigestCredentialHandler mh = new MessageDigestCredentialHandler();
+    try {
+      mh.setAlgorithm(algorithm);
+    } catch (NoSuchAlgorithmException ex) {
+      Logger.getLogger(TomcatDigester.class.getName()).log(Level.SEVERE, null, ex);
+    }
+    mh.setEncoding(encoding);
+    return mh.matches(inputCredentials, storedCredentials);
   }
   
 }

--
Gitblit v1.9.3