Sorry if I'm being stupid, but it simply doesn't match my experiences.
I'm using tomcat 4.1.30 as it is with standard MemoryRealm implementation.
The username/passwords are created using the tomcat-users.xml, but If I
change these without restarting tomcat the usernames and passwords are not
being updated.
Example:
I enter a webapp with security constraints with my old password: "xxx"
Then I change the user-role element in conf/tomcat-users.xml so that the
password is now: "yyy"
I start a new browser. In order to get a new client. Enter the new
password... No entrance. Entering the old password gives a much better
result though...
in server.xml there is a userdatabase element, that is documented as a
<!-- Editable user database that can also be used by UserDatabaseRealm to
authenticate users -->
In the implementation (MemoryUserDatabase.java) there is no sign what so
ever that it detects an update in the tomcat-users.xml file. The first
method used is findUser(...) that just returns a value from a HashMap...
Regards
Morten
At 14:50 07-12-2004, you wrote:
>Hi,
>Yeah, I'm sure. It's easy to see using the Admin webapp.
>
>Yoav Shapira http://www.yoavshapira.com
>
>
> >-----Original Message-----
> >From: Morten Andersen [mailto:mortena@mip.sdu.dk]
> >Sent: Tuesday, December 07, 2004 4:50 AM
> >To: Tomcat Users List
> >Subject: RE: Implementing Realm
> >
> >At 16:10 17-11-2004, you wrote:
> >>Note that all of Tomcat's built-in Realms support runtime changes to
>the
> >>data store, be it a file or a database.
> >
> >Are you sure. MemoryRealm seems only to be updated as Tomcat is
>restarted.
> >
> >
> >Morten Andersen
> >Master of applied mathematics and computer science
> >Associate professor
> >
> >The Maersk Institute of Production technology at Southern Danish
>University
> >www.mip.sdu.dk
> >Campusvej 55
> >DK-5230 Odense M
> >Denmark
> >+45 65 50 36 54
> >+45 61 71 11 03
> >Jabber id: hat@jabber.dk
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>This e-mail, including any attachments, is a confidential business
>communication, and may contain information that is confidential,
>proprietary and/or privileged. This e-mail is intended only for the
>individual(s) to whom it is addressed, and may not be saved, copied,
>printed, disclosed or used by anyone else. If you are not the(an)
>intended recipient, please immediately delete this e-mail from your
>computer system and notify the sender. Thank you.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Morten Andersen
Master of applied mathematics and computer science
Associate professor
The Maersk Institute of Production technology at Southern Danish University
www.mip.sdu.dk
Campusvej 55
DK-5230 Odense M
Denmark
+45 65 50 36 54
+45 61 71 11 03
Jabber id: hat@jabber.dk
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
|