tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ignacio J. Ortega" <>
Subject RE: JDBCRealm enhancements
Date Wed, 02 May 2001 20:38:48 GMT
digested passwords is on 3.3 nightly builds not exactly as yours ..some
slightly better  with MessageDigest and bit more configurable...the
other can be done but i think it's partiicular need for your app,
subject of inheritance thought .. in all cases the changes only can go
to 3.3 ..3.2.x is in bug fix only mode..

Thanks for the feedback..

post the RFE in with your code as an
attach following guidelines on jakarta site ..


Saludos ,
Ignacio J. Ortega

> -----Mensaje original-----
> De: Christian Hargraves []
> Enviado el: miƩrcoles 2 de mayo de 2001 16:37
> Para:
> Asunto: JDBCRealm enhancements
> First off. Is JDBCRealm just an example of what can be done 
> or is it meant 
> for actual use?
> If it's only meant as an example of how to write a 
> RequestInterceptor, then 
> don't bother to read on, please just respond and tell me so.
> We need to add some functionality to JDBCRealm that I think a 
> lot of other 
> people might also be able to use.
> The following modifications are:
> 1) The option to put in the password encode type -- This is for those 
> companies that encode the password (I think most do). 
> Currently only 'base64' and 'none' are supported. This is 
> done by adding an 
> attribute in the server.xml tag in the RequestInterceptor called 
> encryptMethod. 
> I just used the SecurityTools.base64Decode(password) method 
> to do this.
> 2) The option of storing the userid as well as the username. 
> -- This is done 
> by adding another optional attribute that states the userid column. 
> This enables user-role table to be queried against the userid 
> instead of the 
> username for those sites that have a lot of users. It also 
> throws the userid 
> in the session for those that need the userid throughout the entire 
> application.
> Please tell me what you think. We already added the 
> functionality so there is 
> no work for anyone else to do, but to review the code. 
> Christian Hargraves

View raw message