tomcat-dev mailing list archives

From "Jack" <>
Subject Thank you for response
Date Mon, 23 Jan 2006 04:05:55 GMT
"Bill Barker" <> wrote in message 
> Really a users@ question, so I won't bother to reply inline.
It's my pleasure to have your response.

> What Jack wants is pretty much an enhanced version of UserDatabase.  He 
> can do much of what he wants with a really fancy custom UserDatabase, but 
> would need changes to do more advanced X509 stuff (also, the current 
> config wouldn't be as nice as he would want).
You are pretty right.

Since the design of authorization in the spec allows authorization to be 
separated from authentication.
The container is able to take care of all authorization checking.

However, authentication is more web-app dependent. Authentication doesn't 
mean we have to use ssl,
as I have mentioned in "a bit info".

It seems that you agreed to the solution in reply to my post "Realms in 
tomcat" in user group.

Any idea to implement such a fancy UserDatabase?
I hope Mr. Thomas' hybrid realms could deal with all the following.
All the following things are at the same level; they all should be managed by 
his "hybrid realm" (UserContext):
            access database through jdbc for username/password & roles
            access database through ldap for username/password & roles
            access xml file for username/password & roles
            access xml file for certificateid/keyid/email & roles map
            access database for certificateid/keyid/email & roles map
            access online PGP keyserver
            access local keystore
            access local cacerts

Such a hybrid realm/UserContext of a web-app should be hybrid.
Every web-app has a usercontext, the engine has a usercontext, and every 
host has a usercontext.
The roles are defined in web.xml. For the engine usercontext, its roles are 
defined in tomcat-users.xml.
One application:
PGP keys are stored on online keyserver, however,
the map between roles & keyid/email/certificateid could be stored on local 
xml file or database.

Any idea on how to put all these things in a UserDatabase?

I have tried to do a UserManager and UserContext managing all kinds of realms,
and to separate all these things from the original realm package
(leaving the original realm package to continue to act as an authorization checker).
Later, I found that if my code cannot be integrated into tomcat, when 
tomcat evolves
my source code will have to be changed all the time, so I gave up.

Instead, I have to deliver my idea to you guys.

