From: "mech"
To: "'Tomcat Users List'"
Subject: RE: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
Date: Tue, 18 Feb 2003 20:03:54 +0100

Thanks, but I think I don't have a problem with "lost" roles objects,
because I deliberately delete/update the roles table that JDBCRealm
uses.

The issue is that Tomcat obviously does not re-query the database every
time you call request.isUserInRole(). I believe it just reads out the
roles at the point of time you perform a login and every later
request.isUserInRole() works on that cached Collection instead of doing
a query on the database to get the most up-to-date values every time.

The "roles objects" of the form-based auth you mentioned... Where can I
find these objects, is it possible to retrieve it (and if yes, how?)
from the request or is it maybe part of the session context or
something? I believe if it's not some kind of Tomcat internal collection
I should be able to update it manually at the same time I update the DB.

The only thing I don't want to do from the usability point of view is to
force the user to logoff and re-login just to be able to make use of his
new/updated role "rights". I still hope there's a better way to let
Tomcat know of the role updates.

Michael

> -----Original Message-----
> From: fcai@findlaw.com [mailto:fcai@findlaw.com]
> Sent: Tuesday, 18 February 2003 18:57
> To: tomcat-user@jakarta.apache.org
> Cc: tomcat-user@jakarta.apache.org
> Subject: Re: Tomcat 4.1.18 container-specific security
> mechanism+JDBCRealm+How to update user roles without
> logoff/relogin when DB updated
>
> I believe there is a problem in Tomcat Form-based
> authentication mechanism which sometimes
> request.isUserInRole() does not work because the
> Actionmapping lost roles object somehow.
>
> There are 2 approaches you can go:
>
> 1. Plug in your own authentication/authorization schema
>    into Tomcat
> 2. Modify Tomcat Form-Based authentication mechanism
>
> On Tue, 18 Feb 2003, "mech" wrote:
>
> > Hi,
> >
> > I'm using Tomcat's built-in form-based auth mechanism and a
> > JDBCRealm with usernames and roles from my DB.
> >
> > It can happen that a user does a login and later due to some
> > workflow he either obtains or loses a role.
> > I can do the insert/delete of those roles without a problem in
> > my DB.
> > Unfortunately as long as the user stays logged on the webapp
> > Tomcat seems to cache the role information as it was when the
> > user previously performed his login.
> >
> > Means in detail that my DB is up-to-date but every
> > request.isUserInRole() is not and gives me either true, although
> > the role is already deleted or false, although I provided that
> > role already.
> >
> > Is there any better way to update Tomcat's security system to use
> > the current roles and not to force a logoff and relogin?
> > I have no idea at the moment where Tomcat stores the role info
> > after login so that I could somehow update this info at the same
> > time I update my DB.
> >
> > I hope someone can provide me a hint if and how this can be done.
> > I hoped there would be some opposite feature of
> > request.isUserInRole() like response.setUserRole() or
> > something...
> >
> > Thx.
> > Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
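
Added example, not part of the original thread and not Tomcat's own code: one application-level way to keep programmatic role checks in step with the database is a servlet filter that wraps each request and answers isUserInRole() from the role table the JDBCRealm reads, so a revoked role stops working without a new login. The JNDI name jdbc/authdb, the class name LiveRoleFilter and the table/column names user_roles, user_name and role_name are assumptions; match them to the realm's userRoleTable, userNameCol and roleNameCol settings. It is written against the javax.servlet filter API with current Java syntax.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.sql.DataSource;

/** Answers isUserInRole() from the realm's role table on every call. */
public class LiveRoleFilter implements Filter {
    // Assumed names: match the JDBCRealm userRoleTable/userNameCol/roleNameCol.
    private static final String ROLE_SQL =
        "SELECT 1 FROM user_roles WHERE user_name = ? AND role_name = ?";
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try {   // hypothetical JNDI name for the database the realm reads
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/authdb");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            @Override
            public boolean isUserInRole(String role) {
                String user = getRemoteUser();      // name established at login
                if (user == null || role == null) return false;
                try (Connection c = ds.getConnection();
                     PreparedStatement ps = c.prepareStatement(ROLE_SQL)) {
                    ps.setString(1, user);
                    ps.setString(2, role);
                    try (ResultSet rs = ps.executeQuery()) {
                        return rs.next();           // row present = role held now
                    }
                } catch (SQLException e) {
                    return false;                   // fail closed if the DB is unreachable
                }
            }
        }, res);
    }

    public void destroy() { }
}
```

This covers only isUserInRole() calls made by code that runs behind the filter. URL constraints declared in web.xml are still evaluated by the container against the principal established at login.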