geronimo-dev mailing list archives

From "Phani Balaji Madgula (JIRA)" <...@geronimo.apache.org>
Subject [jira] Created: (GERONIMO-1880) To Allow configurable password digests during REALM Deployment.
Date Fri, 21 Apr 2006 10:00:05 GMT
To Allow configurable password digests during REALM Deployment.
---------------------------------------------------------------

         Key: GERONIMO-1880
         URL: http://issues.apache.org/jira/browse/GERONIMO-1880
     Project: Geronimo
        Type: Improvement
    Security: public (Regular issues) 
  Components: security  
    Versions: 1.1    
 Environment: Geronimo1.1
    Reporter: Phani Balaji Madgula


Hi,

I observed REALM deployments in TOMCAT, and I would like to have the same kind of flexibility in specifying
password DIGESTs for realms. Tomcat allows a password DIGEST to be specified while declaring
a REALM in server.xml.

 <GlobalNamingResources>

   <Resource name="PhaniUserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
       description="User database that can be updated and saved"
           factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users-1.xml" />

 </GlobalNamingResources>

 <Engine name="Catalina" defaultHost="localhost">

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

 <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="PhaniUserDatabase" digest="MD5"/>

</Engine>

Now, the user can store MD5-digested passwords for the users in the tomcat-users-1.xml file as follows.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="role2"/>
  <role rolename="role4"/>
  <role rolename="role1"/>
  <role rolename="role3"/>
  <user username="nag" password="9fdc8b3f3027472d64e26a8e88fa2727" roles="role3,role4"/>
  <user username="phani" password="c49f410c89f1031f816031ba60215f50" roles="role1,role2"/>
  <user username="balaji" password="e75c1a66ae406db7d2f451b216b10664" roles="role3,role4"/>
</tomcat-users>

If the user accesses any web application that declares security constraints with role1, role2, role3, role4,
Tomcat will challenge the user for authentication, where the user needs to specify a userid and
clear-text password. Tomcat will digest the supplied password and compare it with what is
specified in the file.

Can we have the same kind of feature in Geronimo also? That is, to specify a DIGEST in the REALM deployment
plan.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
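
The check described in the message (digest the supplied clear-text password, compare it with the stored value), as an added Python example that is not part of the original message and is not Tomcat's or Geronimo's code. The sample users file, user names and function names are constructed for illustration; the last function shows that this stored format carries no salt, so users with the same password end up with the same stored digest.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the tomcat-users layout shown above; users and
# passwords are made up (alice and carol use "password", bob uses "secret").
SAMPLE_USERS_XML = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="role1"/>
  <role rolename="role2"/>
  <user username="alice" password="5f4dcc3b5aa765d61d8327deb882cf99" roles="role1"/>
  <user username="bob" password="5ebe2294ecd0e0f08eab7690d2a6ee69" roles="role2"/>
  <user username="carol" password="5F4DCC3B5AA765D61D8327DEB882CF99" roles="role1,role2"/>
</tomcat-users>
"""

def load_users(xml_text):
    """Return {username: (stored_hex_digest, [roles])} from a tomcat-users document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    users = {}
    for user in root.iter("user"):
        roles = [r.strip() for r in user.get("roles", "").split(",") if r.strip()]
        # Hex digests are compared case-insensitively, so normalise on load.
        users[user.get("username")] = (user.get("password", "").lower(), roles)
    return users

def authenticate(users, username, cleartext, algorithm="MD5"):
    """Digest the supplied password and compare it with the stored value.
    Returns the user's roles on success, None on failure."""
    stored, roles = users.get(username, ("", []))
    supplied = hashlib.new(algorithm.lower(), cleartext.encode("utf-8")).hexdigest()
    # Constant-time comparison; an unknown user fails because "" never matches.
    if hmac.compare_digest(supplied.encode("utf-8"), stored.encode("utf-8")):
        return roles
    return None

def shared_digests(users):
    """Group usernames whose stored digests are identical (unsalted digests
    make equal passwords visible to anyone who can read the file)."""
    groups = defaultdict(list)
    for name, (digest, _roles) in users.items():
        groups[digest].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)
```
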

