A. Weinert schrieb:
> Rainer Jung schrieb:
>> I added an optional configurable default role to the JNDIRealm.
>> That's useful, if you only want to authenticate the users (password
>> check).
>>
>> http://svn.apache.org/viewvc?rev=697213&view=rev
>>
>> I could as well add it to most of the other Realms, but I'm wondering,
>> if it would make more sense to introduce an additional getRoles to
>> RealmBase, which returns the default role if configured and can be
>> included in the getRoles already present in most of the Realm
>> implementations.
>>
>> Thoughts?
>>
>> Regards,
>>
>> Rainer
>
> Im my opinion a most useful feature,
> as itreally is in ADweRealm (see
> http://a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html
> ) for Active Directory.
>
> Active Directory (AD) lists certain default group memberships not
> explicitely. So an user account, who is just "Domänen-Benutzer",
> would get authentication but no roles and hence no Tomcat
> rights w/o such a default role feature.
>
> But I'm not sure if a change to the base class (RealmBase) is much help.
> To use ADweRealm again as an example, it implements a primitive way
> of Realm Chaining (badly needed with AD and missed in Tomcat). Here the
> default role signals which Realm the user got her authentication from.
> Under this aspect a base class implementation of the default role
> feature would only make sense if the Realm Chaining feature would be
> implemented there as well.
I'll have a look, as it's already ASL 2 licensed. I also have recursive
role searches in the queue (not committed yet) and Mark recently added a
CombinedRealm to trunk.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
|