tomcat-dev mailing list archives

From Benjamin Cuthbert
Subject Security on JDBC Realm new features
Date Mon, 01 May 2006 19:33:58 GMT

I am trying to improve the security for authenticating users on my
JDBC realm. What we require is the ability to lock out accounts on
the database when a user enters more than 3 incorrect passwords. Now I
have made some changes to the and I would like some comments on the
features that I have added. Could someone from the Tomcat team have a
look at the attached code and configuration file and let me know if
this is the correct way to go about doing this.

Changes -

authenticate : Adding in a counter to check how many times a user gets
the incorrect password from the database.
LockAccount : new method to handle the update to the database so that
accounts can be locked.

Testing -

I have tested this on OSX as that is the system I use, but I am going
to do some further testing on Linux as that is what the server
application is installed on.

server.xml config would be

       <Realm className="org.apache.catalina.realm.JDBCRealm"
              connectionName="tomcat" connectionPassword="tomcat"
              userTable="users" userNameCol="user_name"
              userRoleTable="user_roles" roleNameCol="role_name"
              accstatusCol="accountstatus" acclockouttry="3"/>
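
The lockout logic described in the message, as an added sketch that is neither the poster's attached code nor Tomcat's JDBCRealm: Python with an in-memory SQLite table stands in for the realm database so it runs offline. The `users`, `user_name` and `accountstatus` names come from the posted config; the `user_pass`, `salt` and `failed_tries` columns, the status values and all function names are assumptions.

```python
import hashlib, hmac, os, sqlite3

MAX_TRIES = 3  # same threshold as acclockouttry="3" in the posted config

def hash_pw(password, salt):
    # Salted PBKDF2 (assumed scheme; the post does not say how passwords are stored)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE users (
        user_name TEXT PRIMARY KEY, salt BLOB, user_pass BLOB,
        accountstatus TEXT NOT NULL DEFAULT 'active',
        failed_tries INTEGER NOT NULL DEFAULT 0)""")
    return db

def add_user(db, name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (user_name, salt, user_pass) VALUES (?, ?, ?)",
               (name, salt, hash_pw(password, salt)))

def authenticate(db, name, password):
    """Return True only for an unlocked account with the right password."""
    row = db.execute("SELECT salt, user_pass, accountstatus FROM users"
                     " WHERE user_name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored, status = row
    ok = hmac.compare_digest(hash_pw(password, salt), stored)
    if status != "active":
        return False  # a locked account stays locked, even with the right password
    with db:  # one transaction per attempt
        if ok:
            db.execute("UPDATE users SET failed_tries = 0 WHERE user_name = ?",
                       (name,))
        else:
            # Count and lock in a single UPDATE so parallel attempts cannot
            # race past the limit. Locks once failures exceed MAX_TRIES
            # ("more than 3 incorrect passwords" in the post).
            db.execute("""UPDATE users SET failed_tries = failed_tries + 1,
                accountstatus = CASE WHEN failed_tries + 1 > ? THEN 'locked'
                                     ELSE accountstatus END
                WHERE user_name = ?""", (MAX_TRIES, name))
    return ok
```

Keeping the counter in the database rather than in the realm object means every Tomcat instance sharing the table sees the same count. Anyone who knows a user name can trigger the lock, so an unlock procedure is needed alongside it.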
