tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank W. Zammetti" <>
Subject Re: Container-Managed Password Expiration/Strength enforcing?
Date Sat, 08 Apr 2006 02:53:07 GMT
Hi Renny,

I'm relatively sure Tomcat does not offer anything like this.  I know at 
work, we faced the same issues and developed a whole Security Framework 
to sit on top of J2EE security.  We're actually a Websphere shop, but 
Websphere doesn't offer those capabilities either.  That doesn't 
automatically mean Tomcat doesn't of course, but I'm fairly sure it doesn't.

Frank wrote:
> I am running Tomcat 5.5.12. I Use the sever's container-managed authentication mechanisms
to require authentication for my web application users' credentials via forms. The users'
ids and passwords
> are stored on an MySQL database.
> My question is, is there a way of configuring the server to require users to change their
passwords every now and then enforce rules to require users to make their passwords strong?
This doesn't seem to be
> documented in anywhere. I know that the source code is available but I don't know anything
about the inside of Tomcat and wouldn't know where to begin for coding this myself.
> Renny
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
> .

Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
AIM: fzammetti
Yahoo: fzammetti
Java Web Parts -
Supplying the wheel, so you don't have to reinvent it!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message