Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 8.0.15
- None
- None
- MS Windows 10, Open-JDK 17 (Oracle)
Description
In TomEE 8.0.15 the CredentialHandler setup inside context.xml is not working:
<Realm appName="SQLLogin"
       className="org.apache.catalina.realm.JAASRealm"
       roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal"
       userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal">
  <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                     algorithm="sha-512"
                     saltLength="0"
                     iterations="1000"/>
</Realm>
The identical code is working up to 8.0.14.
Expected behavior:
If the user enters the password "password" in a login screen, they should be logged in if the stored 'password' inside the credential store (e.g. data source, or properties file) equals: $1000$3dd6e976577884f22378edb795a86609f6f383a902dc4b11f66276fb992fbaf022e17788180050da92c0e881a9667a4799f0f8d8cfd3effcfd832c274cadb923
Observed behavior:
Access is denied. Access will be granted, however, if the stored password (hash) is replaced by:
password
I'm using JAAS with form based login.
I have created a test series with identical configurations:
TomEE 8.0.11 -> OK
TomEE 8.0.12 -> OK
TomEE 8.0.13 -> OK
TomEE 8.0.14 -> OK
TomEE 8.0.15 -> FAILS
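
A stored credential like the one quoted in this report can be checked outside the server, which separates "the hash is wrong" from "the handler is not being applied". The following is an added example, not code from the report or from TomEE/Tomcat; it assumes Tomcat's documented `salt$iterations$digest` layout (hex-encoded), that the digest is computed over salt followed by the UTF-8 password and then re-hashed `iterations - 1` times, and the function names are hypothetical.

```python
import hashlib
import hmac

# Stored value quoted in the report: empty salt, 1000 iterations, SHA-512 hex digest.
REPORTED = ("$1000$3dd6e976577884f22378edb795a86609f6f383a902dc4b11f66276fb992fbaf0"
            "22e17788180050da92c0e881a9667a4799f0f8d8cfd3effcfd832c274cadb923")


def parse_stored(stored):
    """Split 'hexsalt$iterations$hexdigest' into (salt, iterations, digest) bytes/int."""
    parts = stored.split("$")
    if len(parts) != 3:
        raise ValueError("not in salt$iterations$digest form")
    salt_hex, iter_str, digest_hex = parts
    iterations = int(iter_str)
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    return bytes.fromhex(salt_hex), iterations, bytes.fromhex(digest_hex)


def mutate(password, salt, iterations, algorithm="sha512", encoding="utf-8"):
    """Assumed scheme: hash salt + password once, then re-hash the result."""
    result = hashlib.new(algorithm, salt + password.encode(encoding)).digest()
    for _ in range(iterations - 1):
        result = hashlib.new(algorithm, result).digest()
    return result


def make_stored(password, salt=b"", iterations=1000):
    """Build a stored credential string for the given password."""
    digest = mutate(password, salt, iterations)
    return "%s$%d$%s" % (salt.hex(), iterations, digest.hex())


def matches(password, stored):
    """True only if the password hashes to the stored digest.

    Malformed or plain-text records are rejected instead of being compared as-is.
    """
    try:
        salt, iterations, expected = parse_stored(stored)
    except ValueError:
        return False
    return hmac.compare_digest(mutate(password, salt, iterations), expected)


if __name__ == "__main__":
    print("reported hash matches 'password':", matches("password", REPORTED))
    print("plain-text record accepted:", matches("password", "password"))
```

If the reported hash verifies here while the server still denies the login, the stored value is not at fault; a server that accepts the plain-text record is comparing credentials without hashing them.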