tomcat-users mailing list archives

From "mech" <m...@rz.fh-augsburg.de>
Subject RE: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
Date Tue, 18 Feb 2003 19:26:08 GMT
I guess I found the answer to my question in the documentation (again
;-))

"Once a user has been authenticated, the user (and his or her associated
roles) are cached within Tomcat for the duration of the user's login.
... . Any changes to the database information for an already
authenticated user will not be reflected until the next time that user
logs on again."

Unfortunately that destroyed my hope that I could work with an updated
role set without logoff/relogin. ;-( Unless anyone has a workaround that
doesn't mean changing the Tomcat sources or stopping using form-auth.
I guess the cache increases performance, but it would be nice to have at
least a chance to trigger an update in a servlet...

Michael

> -----Original Message-----
> From: mech [mailto:mech@RZ.FH-Augsburg.DE] 
> Sent: Tuesday, 18 February 2003 20:04
> To: 'Tomcat Users List'
> Subject: RE: Tomcat 4.1.18 container-specific security 
> mechanism+JDBCRealm+How to update user roles without 
> logoff/relogin when DB updated
> 
> 
> Thanks, but I think I don't have a problem with "lost" roles 
> objects, because I deliberately delete/update the roles table 
> that JDBCRealm uses. The issue is that Tomcat obviously does 
> not re-query the database every time you call 
> request.isUserInRole(). I believe it just reads out the roles 
> at the point of time you perform a login and every later
> request.isUserInRole() works on that cached Collection 
> instead of doing a query on the database to get the 
> most-up-to-date values every time.
> 
> The "roles objects" of the form-based auth you mentioned... 
> Where can I find these objects, is it possible to retrieve them 
> (and if yes, how?) from the request or are they maybe part of the 
> session context or something? I believe if it's not some kind 
> of Tomcat-internal collection I should be able to update it 
> manually at the same time I update the DB.
> 
> The only thing I don't want to do from the usability point of 
> view is to force the user to logoff and re-login just to be 
> able to make use of his new/updated role "rights". I still 
> hope there's a better way to let Tomcat know of the role updates.
> 
> Michael
> 
> > -----Original Message-----
> > From: fcai@findlaw.com [mailto:fcai@findlaw.com]
> > Sent: Tuesday, 18 February 2003 18:57
> > To: tomcat-user@jakarta.apache.org
> > Cc: tomcat-user@jakarta.apache.org
> > Subject: Re: Tomcat 4.1.18 container-specific security 
> > mechanism+JDBCRealm+How to update user roles without
> > logoff/relogin when DB updated
> > 
> > 
> > I believe there is a problem in the Tomcat Form-based
> > authentication mechanism which sometimes makes
> > request.isUserInRole() not work because the
> > Actionmapping lost the roles object somehow.
> > 
> > There are 2 approaches you can go:
> > 
> > 1. Plug in your own authentication/authorization schema
> > into Tomcat
> > 2. Modify the Tomcat Form-Based authentication mechanism
> > 
> > On Tue, 18 Feb 2003, "mech" wrote:
> > 
> > > 
> > > Hi,
> > > 
> > > I'm using Tomcat's built-in form-based auth mechanism
> > > and a JDBCRealm with usernames and roles from my DB.
> > > 
> > > It can happen that a user does a login and later, due to
> > > some workflow, he either obtains or loses a role.
> > > I can do the insert/delete of those roles without a
> > > problem in my DB.
> > > Unfortunately, as long as the user stays logged on the
> > > webapp, Tomcat seems to cache the role information as it
> > > was when the user previously performed his login.
> > > 
> > > This means in detail that my DB is up-to-date but every
> > > request.isUserInRole() is not and gives me either true,
> > > although the role is already deleted, or false, although
> > > I provided that role already.
> > > 
> > > Is there any better way to update Tomcat's security
> > > system to use the current roles and not to force a
> > > logoff and relogin?
> > > I have no idea at the moment where Tomcat stores the
> > > role info after login so that I could somehow update
> > > this info at the same time I update my DB.
> > > 
> > > I hope someone can provide me a hint if and how this
> > > can be done. I hoped there would be some opposite
> > > feature of request.isUserInRole() like
> > > response.setUserRole() or something...
> > > 
> > > Thx.
> > > Michael
> > > 
> > > 
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 
> > 
> > _________________________________________________
> > FindLaw - Free Case Law, Jobs, Library, Community
> > http://www.FindLaw.com Get your FREE @JUSTICE.COM email!
> > http://mail.Justice.com
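The caching behaviour described in this thread (the authenticated Principal and its roles are held by the container for the life of the login, so request.isUserInRole() keeps answering from a stale copy after the database changes) is the classic "revoked privilege still honoured" problem. The following servlet filter is an added example, not code from any message in this thread and not part of Tomcat: it works around the cache from inside the webapp without touching Tomcat sources or giving up form-auth. It assumes a hypothetical users.role_version column that the grant/revoke workflow increments in the same transaction that changes the roles, and a JNDI DataSource named java:comp/env/jdbc/AuthDB (both names are assumptions). On each request it compares the DB value with the one stamped into the session at login; on a mismatch it invalidates the session, which drops the cached Principal and sends the user back through the login form, where JDBCRealm reads the current roles.

```java
import java.io.IOException;
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

/**
 * Servlet 2.3 filter (Tomcat 4.1 era API). The container caches the
 * authenticated Principal and its roles per login, so a role revoked in
 * the database is still reported by request.isUserInRole(). This filter
 * detects the change via an ASSUMED users.role_version column and forces
 * re-authentication by invalidating the session.
 */
public class RoleVersionFilter implements Filter {

    private static final String SESSION_KEY = "roleVersion";
    private DataSource dataSource;

    public void init(FilterConfig config) throws ServletException {
        try {
            // Assumed JNDI name; declare a matching <Resource> in the webapp context.
            dataSource = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/AuthDB");
        } catch (NamingException e) {
            throw new ServletException("DataSource lookup failed", e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        Principal user = request.getUserPrincipal();
        HttpSession session = request.getSession(false);

        if (user != null && session != null) {
            long current;
            try {
                current = loadRoleVersion(user.getName());
            } catch (SQLException e) {
                // Fail closed: do not serve a request whose authorization state is unknown.
                throw new ServletException("role version query failed", e);
            }
            Long cached = (Long) session.getAttribute(SESSION_KEY);
            if (cached == null) {
                // First request after login: remember the version the cached roles belong to.
                session.setAttribute(SESSION_KEY, new Long(current));
            } else if (cached.longValue() != current) {
                // Roles changed since login: discard the session (and with it the
                // container's cached Principal) and redirect to the same protected
                // URL, which triggers the form login again.
                session.invalidate();
                response.sendRedirect(request.getRequestURI());
                return;
            }
        }
        chain.doFilter(req, res);
    }

    /** Reads the assumed users.role_version for a user; -1 if the user row no longer exists. */
    long loadRoleVersion(String username) throws SQLException {
        Connection conn = dataSource.getConnection();
        try {
            PreparedStatement ps = conn.prepareStatement(
                "SELECT role_version FROM users WHERE user_name = ?");
            try {
                ps.setString(1, username);
                ResultSet rs = ps.executeQuery();
                try {
                    return rs.next() ? rs.getLong(1) : -1L;
                } finally {
                    rs.close();
                }
            } finally {
                ps.close();
            }
        } finally {
            conn.close();
        }
    }

    public void destroy() {
        dataSource = null;
    }
}
```

Map the filter in web.xml with a filter-mapping whose url-pattern covers every security-constrained path, otherwise a request to an unmapped path still sees the stale roles. A deleted user row returns -1, which differs from any stamped version and so also ends the session. The cost is one indexed query per request; if that is too much, restrict the mapping to the paths where role changes matter, but do not rely on request.isUserInRole() alone for anything that revokes access.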
