geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (GERONIMO-1880) To Allow configurable password digests during REALM Deployment.
Date Thu, 23 Nov 2006 08:26:02 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-1880?page=all ]

Vamsavardhana Reddy reassigned GERONIMO-1880:
---------------------------------------------

    Assignee: Vamsavardhana Reddy

> To Allow configurable password digests during REALM Deployment.
> ---------------------------------------------------------------
>
>                 Key: GERONIMO-1880
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-1880
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1
>         Environment: Geronimo1.1
>            Reporter: Phani Balaji Madgula
>         Assigned To: Vamsavardhana Reddy
>             Fix For: 1.2
>
>
> Hi,
> I observed REALM deployments in TOMCAT, I feel to have same kind of flexibility in specifying
password DIGESTs for realms. Tomcat allows password DIGEST to be specified while declaring
REALM in server.xml.
>  <GlobalNamingResources>
>    <Resource name="PhaniUserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>        description="User database that can be updated and saved"
>            factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>           pathname="conf/tomcat-users-1.xml" />
>  </GlobalNamingResources>
>  <Engine name="Catalina" defaultHost="localhost">
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="UserDatabase"/>
>  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="PhaniUserDatabase" digest="MD5"/>
> </Engine>
> Now, user can store MD5 digested passwords for the users in tomcat-users-1.xml file as
follows.
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="role2"/>
>   <role rolename="role4"/>
>   <role rolename="role1"/>
>   <role rolename="role3"/>
>   <user username="nag" password="9fdc8b3f3027472d64e26a8e88fa2727" roles="role3,role4"/>
>   <user username="phani" password="c49f410c89f1031f816031ba60215f50" roles="role1,role2"/>
>   <user username="balaji" password="e75c1a66ae406db7d2f451b216b10664" roles="role3,role4"/>
> </tomcat-users>
> If user accesses any web application that declared security constraints with role1,role2,role3,role4,
Tomcat will challenge the user for authentication where the user needs to specify userid and
clear text password. Tomcat will digest the supplied password and compare it with what is
specified in the file.
> Can we have same kind of feature in Geronimo also? That is, to specify DIGEST in REALM
deployment plan.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message