tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Morten Andersen <mort...@mip.sdu.dk>
Subject RE: Implementing Realm
Date Wed, 08 Dec 2004 09:30:01 GMT
Sorry if I'm being stupid, but it simply doesn't match my experiences.

I'm using tomcat 4.1.30 as it is with standard MemoryRealm implementation. 
The username/passwords are created using the tomcat-users.xml, but If I 
change these without restarting tomcat the usernames and passwords are not 
being updated.

Example:

I enter a webapp with security constraints with my old password: "xxx"
Then I change the user-role element in conf/tomcat-users.xml so that the 
password is now: "yyy"
I start a new browser. In order to get a new client. Enter the new 
password... No entrance. Entering the old password gives a much better 
result though...

in server.xml there is a userdatabase element, that is documented as a
<!-- Editable user database that can also be used by UserDatabaseRealm to 
authenticate users -->

In the implementation (MemoryUserDatabase.java)  there is no sign what so 
ever that it detects an update in the tomcat-users.xml file. The first 
method used is findUser(...) that just returns a value from a HashMap...

Regards

Morten



At 14:50 07-12-2004, you wrote:

>Hi,
>Yeah, I'm sure.  It's easy to see using the Admin webapp.
>
>Yoav Shapira http://www.yoavshapira.com
>
>
> >-----Original Message-----
> >From: Morten Andersen [mailto:mortena@mip.sdu.dk]
> >Sent: Tuesday, December 07, 2004 4:50 AM
> >To: Tomcat Users List
> >Subject: RE: Implementing Realm
> >
> >At 16:10 17-11-2004, you wrote:
> >>Note that all of Tomcat's built-in Realms support runtime changes to
>the
> >>data store, be it a file or a database.
> >
> >Are you sure. MemoryRealm seems only to be updated as Tomcat is
>restarted.
> >
> >
> >Morten Andersen
> >Master of applied mathematics and computer science
> >Associate professor
> >
> >The Maersk Institute of Production technology at Southern Danish
>University
> >www.mip.sdu.dk
> >Campusvej 55
> >DK-5230 Odense M
> >Denmark
> >+45 65 50 36 54
> >+45 61 71 11 03
> >Jabber id: hat@jabber.dk
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>This e-mail, including any attachments, is a confidential business 
>communication, and may contain information that is confidential, 
>proprietary and/or privileged.  This e-mail is intended only for the 
>individual(s) to whom it is addressed, and may not be saved, copied, 
>printed, disclosed or used by anyone else.  If you are not the(an) 
>intended recipient, please immediately delete this e-mail from your 
>computer system and notify the sender.  Thank you.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Morten Andersen
Master of applied mathematics and computer science
Associate professor

The Maersk Institute of Production technology at Southern Danish University 
www.mip.sdu.dk
Campusvej 55
DK-5230 Odense M
Denmark
+45 65 50 36 54
+45 61 71 11 03
Jabber id: hat@jabber.dk


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message