Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 99802 invoked from network); 9 Apr 2005 04:34:07 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 9 Apr 2005 04:34:07 -0000 Received: (qmail 15743 invoked by uid 500); 9 Apr 2005 04:33:47 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 14833 invoked by uid 500); 9 Apr 2005 04:33:45 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 14814 invoked by uid 99); 9 Apr 2005 04:33:44 -0000 X-ASF-Spam-Status: No, hits=1.0 required=10.0 tests=DNS_FROM_RFC_ABUSE,RCVD_BY_IP,SPF_HELO_PASS,SPF_PASS,URIBL_SBL X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of jerome.jar@gmail.com designates 64.233.170.207 as permitted sender) Received: from rproxy.gmail.com (HELO rproxy.gmail.com) (64.233.170.207) by apache.org (qpsmtpd/0.28) with ESMTP; Fri, 08 Apr 2005 21:33:43 -0700 Received: by rproxy.gmail.com with SMTP id j1so811064rnf for ; Fri, 08 Apr 2005 21:33:41 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=oJDmBnBVmtONFEqbOupf0ayhTMw9QtDRkjNyL9RrmPVj3PoSP4Mvt8bGBNRnQX3HKRuFmR/TkFe/Qeg98GBx//dw8Q3hXx5yyiOt5qiwJK5HwPcf6h0sAMbzrELeX2/Be3lS90C8UfSpip9DURO15qZ0Mzm0w16ECEYh6i8hhhU= Received: by 10.38.65.42 with SMTP id n42mr1743464rna; Fri, 08 Apr 2005 21:33:41 -0700 (PDT) Received: by 10.38.208.67 with HTTP; Fri, 8 Apr 2005 21:33:41 -0700 (PDT) Message-ID: <57fe892e05040821335beee9bd@mail.gmail.com> Date: Sat, 9 Apr 2005 12:33:41 +0800 From: Jerome Jar Reply-To: Jerome Jar To: Tomcat Users List Subject: Re: Tomcat user 'roles' question In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit References: <023201c53c62$27973650$28ad93d1@irm.local> <57fe892e0504081825459c8882@mail.gmail.com> X-Virus-Checked: Checked X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Excellent reply :) I guessed to write a customized UserDatabase just because it was there in the server.xml, and indeed it took me some hours :( On Apr 9, 2005 10:46 AM, Bill Barker wrote: > Yeah, but writing your own custom UserDatabase is usually harder than > writing your own custom Realm (at least four classes vs. one.). It does > have the advantage that (in theory) it should work with the admin webapp > ;-). > > Custom Realms really aren't all that hard. You typically create a class > that extends RealmBase > (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/realm/RealmBase.html, > changing the '5.5' to the TC version you care about, unless it's 3.3 where > the package is different). Then you override the 'getPassword(String)' > (returns the db-password of the user), the 'getPrincipal(String)' (returns > the userPrincipal for the user), and the 'getName()' (returns the name of > the realm -- any identifying string). If you return anything but a > o.a.c.realm.GenericPrincipal from getPrincipal, then you'll have to override > the 'hasRole(Principal, String)' method as well. > > One strategy is to just do the above, and you are done. The other is to > implement the required overrides (except 'getName') to return null, and > override the 'authenticate(String, String)' method. Whichever works better > with your DB. > > "Jerome Jar" wrote in message > news:57fe892e0504081825459c8882@mail.gmail.com... > >I think you can modify the "UserDatabase" part in server.xml, to > > change the authentiation to use in your own way. > > > > On Apr 9, 2005 1:41 AM, Wendy Smoak wrote: > >> The only exposure that I have to this is configuring tomcat-users.xml so > >> I > >> can use the manager webapp, so please bear with me. > >> > >> I've got several web front-ends for a non-JDBC database. There is a > >> 'green > >> screen' (telnet) app running against the DB that uses a system of user > >> security classes to which different 'screens' are assigned. That data is > >> stored in the DB itself. We've fit the web front end into this system by > >> assigning each 'page' of the webapp a 'screen id', so that the admin can > >> define who sees what in a single place. > >> > >> What I'm wondering is if there's any hope of using this data with the > >> existing request.isUserInRole() method. (The security classes are > >> (loosely) > >> roles.) I only need to deal with authorization. Authentication is > >> handled > >> separately by a Filter that redirects elsewhere to make them log in. > >> > >> Can someone point me in the right general direction? Everything Google > >> turns up starts in with configuring a JDBC or JNDI realm, and I don't > >> think > >> that part of it will ever work with this database. Would I end up > >> defining > >> my own kind of a Realm? > >> > >> Confused, > >> -- > >> Wendy Smoak > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > >> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org