tomcat-users mailing list archives

From "mech" <m...@rz.fh-augsburg.de>
Subject RE: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
Date Tue, 18 Feb 2003 19:03:54 GMT
Thanks, but I think I don't have a problem with "lost" roles objects,
because I deliberately delete/update the roles table that JDBCRealm
uses.
The issue is that Tomcat obviously does not re-query the database every
time you call request.isUserInRole(). I believe it just reads out the
roles at the point of time you perform a login and every later
request.isUserInRole() works on that cached Collection instead of doing
a query on the database to get the most-up-to-date values every time.

The "roles objects" of the form-based auth you mentioned... Where can I
find these objects, is it possible to retrieve it (and if yes, how?) from
the request or is it maybe part of the session context or something? I
believe if it's not some kind of tomcat internal collection I should be
able to update it manually at the same time I update the db.

The only thing I don't want to do from the usability point of view is to
force the user to logoff and re-login just to be able to make use of his
new/updated role "rights". I still hope there's a better way to let
Tomcat know of the role updates.

Michael
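
The behaviour described in the message above (roles read at login, later `request.isUserInRole()` calls answered from that cached set) can be sidestepped for programmatic checks with a servlet filter that asks the database on every call. This is an added example, not part of the original message and not Tomcat code; the class name `LiveRoleFilter`, the JNDI name `jdbc/authdb` and the `user_roles` table with `user_name`/`role_name` columns are assumptions, and it needs Java 7 or later.

```java
// Added example (not Tomcat source). Names marked "assumed" are illustrative.
import java.io.IOException;
import java.sql.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

public class LiveRoleFilter implements Filter {
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try {
            // assumed JNDI resource pointing at the same DB the realm uses
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/authdb");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap the request so role checks hit the database, not the login-time copy.
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            public boolean isUserInRole(String role) {
                String user = getRemoteUser(); // still the container-authenticated name
                return user != null && hasRole(user, role);
            }
        }, res);
    }

    // Fail closed: any database error is treated as "not in role".
    boolean hasRole(String user, String role) {
        // assumed table and column names
        String sql = "SELECT 1 FROM user_roles WHERE user_name = ? AND role_name = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, role);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        } catch (SQLException e) {
            return false;
        }
    }

    public void destroy() { ds = null; }
}
```

Declarative `<security-constraint>` checks in web.xml are evaluated by the container against the principal it holds from login, so this wrapper only changes programmatic `isUserInRole()` calls made behind the filter.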

> -----Original Message-----
> From: fcai@findlaw.com [mailto:fcai@findlaw.com] 
> Sent: Tuesday, 18 February 2003 18:57
> To: tomcat-user@jakarta.apache.org
> Cc: tomcat-user@jakarta.apache.org
> Subject: Re: Tomcat 4.1.18 container-specific security 
> mechanism+JDBCRealm+How to update user roles without 
> logoff/relogin when DB updated
> 
> 
> I believe there is a problem in Tomcat Form-based 
> authentication mechanism which sometimes
> request.isUserInRole() does not work because the
> Actionmapping lost roles object somehow.
> 
> There are 2 approaches you can go:
> 
> 1. Plug in your own authentication/authorization schema
> into Tomcat
> 2. Modify Tomcat Form-Based authentication mechanism
> 
> On Tue, 18 Feb 2003, "mech" wrote:
> 
> > Hi,
> > 
> > I'm using Tomcat's built-in form-based auth mechanism and a JDBCRealm
> > with usernames and roles from my DB.
> > 
> > It can happen that a user does a login and later due to some workflow he
> > either obtains or loses a role.
> > I can do the insert/delete of those roles without a problem in my DB.
> > Unfortunately as long as the user stays logged on the webapp Tomcat
> > seems to cache the role information as it was when the user previously
> > performed his login.
> > 
> > Means in detail that my DB is up-to-date but every
> > request.isUserInRole() is not and gives me either true, although the
> > role is already deleted or false, although I provided that role already.
> > 
> > Is there any better way to update Tomcat's security system to use the
> > current roles and not to force a logoff and relogin?
> > I have no idea at the moment where Tomcat stores the role info after
> > login so that I could somehow update this info at the same time I update
> > my DB.
> > 
> > I hope someone can provide me a hint if and how this can be done. I
> > hoped there would be some opposite feature of request.isUserInRole()
> > like response.setUserRole() or something...
> > 
> > Thx.
> > Michael
> > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> 
> 