tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: default JAAS realm for StandardEngine
Date Tue, 08 Apr 2003 17:04:14 GMT
Ok, I tested the MemoryUserRealm with embed - and it still works fine,
at least at engine level.

I'll test it in standalone as well, and add some extra fixes to make 
sure in JMX mode the order is not significant ( i.e. you can define the
realm mbean before or after context/host/engine - right now it has to be
after ).

If MemoryRealm works - probably the UserDatabaseRealm will work too, 
except that JNDI settup is not implemented yet in embed ( I assume the
embedding app will deal with the JNDI ).

I'll try to take a look at the code that handles the UI for user management,
one mbean/user is not supported by any realm ( except the memory one ), 
doesn't scale and it should be deprecated ( or even removed ) in 5.0 ( if we
managed to change the /admin code ). It would be far better to add methods
to add users/change user attributes in the JDBC/LDAP modules.


Amy Roh wrote:

> Costin Manolache wrote:
>> Amy Roh wrote:
>>>What's the background for StandardEngine returning JAAS realm by default
>>>when its realm is null?
>> Speaking of auth: how difficult would it be to change the user management
>> part in /admin to use a different model.
>> Instead of one mbean per user - which is extremely inefficient and can't
>> scale - it would be one mbean for the entire realm. It can have a method
>> to return the list of user names, and one to return attributes for
>> an individual user. Or something like that.
> Not sure.  I know it won't be trivial.  As you probably know, user,
> group, role mbeans are implemented in mbeans directory using User,
> Group, Role interfaces in o.a.c.  Craig worked on those.
> Well, since JAASRealm is set as default Realm for engine, it gets added
> when an engine is created via admin.  JAASRealm isn't currently
> supported in admin.  What are the editable properties for the realm?
> Thanks,
> Amy
>> I didn't do any research in this area - if there are any reasonable user
>> management APIs in use.
>> IMO JAAS should be recomended for authentication, and we should also try
>> to get JAAS LoginModules to be manageable and register an mbean. That
>> would be very usefull for other reasons - monitoring, caching and also
>> consistent configuration ( i.e. people would configure the mbean, and not
>> have to edit login.config options ).
>> Costin
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message