tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Hargraves <chargra...@webmiles.com>
Subject JDBCRealm enhancements
Date Wed, 02 May 2001 14:36:47 GMT
First off. Is JDBCRealm just an example of what can be done or is it meant 
for actual use?

If it's only meant as an example of how to write a RequestInterceptor, then 
don't bother to read on, please just respond and tell me so.

We need to add some functionality to JDBCRealm that I think a lot of other 
people might also be able to use.

The following modifications are:

1) The option to put in the password encode type -- This is for those 
companies that encode the password (I think most do). 
Currently only 'base64' and 'none' are supported. This is done by adding an 
attribute in the server.xml tag in the RequestInterceptor called 
encryptMethod. 
I just used the SecurityTools.base64Decode(password) method to do this.

2) The option of storing the userid as well as the username. -- This is done 
by adding another optional attribute that states the userid column. 
This enables user-role table to be queried against the userid instead of the 
username for those sites that have a lot of users. It also throws the userid 
in the session for those that need the userid throughout the entire 
application.

Please tell me what you think. We already added the functionality so there is 
no work for anyone else to do, but to review the code. 

Christian Hargraves

Mime
View raw message