tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 梁炳場 <pc.le...@gmail.com>
Subject Re: After 1st installation of JDBCRealm?
Date Sun, 04 Sep 2005 03:40:03 GMT
Thank you Mark,

How about security manager?

Can I use policy file under $CATALINA_HOME/conf/catalina.policy file
with JDBCRealm?



2005/9/3, Mark Thomas <markt@apache.org>:
> 梁炳場 wrote:
> > I just install JDBCRealm of Tomcat 5.5
> > It works. Very simple to configure.
> >
> > But I have a few questions to ask.
> >
> > 1. How can users change password?
> They can't without you writing some custom code.
> 
> >     And if password is encrypted, how to manage password?
> >     eg, how to create the 1st user name and password?
> Again, custom code. If you use digest passwords, you can use the same
> digest mechanism.
> 
> > 2. Can the Struts Action class get the value of request.isUserInRole("")?
> Yes.
> 
> > 3. Can JDBCRealm support policy like JAASRealm?
> No.
> 
> > 4. Roles are defined in web.xml and database's tables.
> >     Is it double work? If there is a difference of roles in web.xml
> >     and tables for the same username, which prevail?
> There is no user to role mapping in web.xml therefore there is no
> question of one prevailing over another.
> 
> Database defines mapping between users and roles.
> web.xml defines mappign between roles and application resources
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
>
Mime
View raw message