Message-ID: <44E5A3CB.2070004@cornell.edu>
Date: Fri, 18 Aug 2006 07:26:03 -0400
From: David Smith
To: Tomcat Users List
Subject: Re: Security constraint/login form

Over an hour? Not even ODBC has that kind of latency. Could you be looking at a caching issue?

--David

Propes, Barry L wrote:

>ok, thanks..I think there's a fair amount of latency between my database query info and what's actually updated in there.
>
>Something I'd changed over an hour ago was still showing the old value, and could have been causing some of the problems.
>
>-----Original Message-----
>From: Marc Farrow [mailto:marc.farrow@gmail.com]
>Sent: Thursday, August 17, 2006 4:03 PM
>To: Tomcat Users List
>Subject: Re: Security constraint/login form
>
>The names are irrelevant. They just have to match between implementation
>and setup.
>
>On 8/17/06, Propes, Barry L wrote:
>
>>quick answer is yes to they have to be service or admin or yes to I can
>>declare them anything that matches the column in another DB table I've
>>created or yes to my last question about the values being what I want?
>>
>>-----Original Message-----
>>From: Marc Farrow [mailto:marc.farrow@gmail.com]
>>Sent: Thursday, August 17, 2006 3:38 PM
>>To: Tomcat Users List
>>Subject: Re: Security constraint/login form
>>
>>Quick answer is yes.
>>
>>On 8/17/06, Propes, Barry L wrote:
>>
>>>I wonder though...do the role_names have to be service or admin or
>>>something like that?
>>>
>>>Can they be anything I declare them to be that matches the column in
>>>another DB table?
>>>
>>>i.e.
>>>I've got user_name and role_name as columns in the user_roles table.
>>>
>>>Can I make a 3rd table also having a column called role_name, but with a
>>>value such as RISK, author, legaldept, etc.?
>>>
>>>-----Original Message-----
>>>From: Marc Farrow [mailto:marc.farrow@gmail.com]
>>>Sent: Thursday, August 17, 2006 2:11 PM
>>>To: Tomcat Users List
>>>Subject: Re: Security constraint/login form
>>>
>>>Are you talking about the tomcat-users.xml file and the roles defined in
>>>there?
>>>
>>>The security-constraints are pretty flexible and you can use any number of
>>>ways to define your realms. If you look at the web.xml for the manager
>>>application (that is shipped with Tomcat), you can see how that realm is
>>>defined and used. You can even use encrypting on the passwords in that
>>>file. If you don't mind maintaining that file for roles and users, then just
>>>modify it to fit your needs and change your security constraint for your web
>>>application to match those roles. Below is a quick example. If you are
>>>wanting something more flexible, then you can research and use your favorite
>>>database for authentication or even your favorite LDAP. Below is a quick
>>>example of how to use a user-defined role in the tomcat-users.xml file and
>>>how to match it to two different URLs in one web app.
>>>
>>>Please understand, this is just a quick example and I do not dare declare
>>>that this will work. Just a springboard to help you get your feet wet.
>>>
>>>tomcat-users.xml:
>>>
>>>application's web.xml:
>>>
>>>    Restrict to role1 and role2/>
>>>    /welcome.jsp
>>>
>>>    role1
>>>    role2
>>>
>>>    Restrict to role2 only/>
>>>    /other.jsp
>>>
>>>    role2
>>>
>>>    some descr
>>>    role1
>>>    role2
>>>
>>>On 8/17/06, Propes, Barry L wrote:
>>>
>>>>to add to my question earlier below, would it be something as simple as?
>>>>
>>>>String juser= (String) request.getAttribute("j_username");
>>>>
>>>>Granted I have no idea what the session attribute is under the hood, only
>>>>know that j_username is the input name for the user_name.
>>>>
>>>>I was thinking with that info, I could then run a select query to extract
>>>>the role_name from an additional joined table to authenticate a step
>>>>further. Does what I am explaining make sense? Forgive me if not.
>>>>
>>>>When I say additional table, I mean one in addition to the user_name and
>>>>user_roles table that Tomcat requires for the form login security constraint
>>>>to work.
>>>>
>>>>-----Original Message-----
>>>>From: Propes, Barry L
>>>>Sent: Thursday, August 17, 2006 11:13 AM
>>>>To: Tomcat Users List
>>>>Subject: Security constraint/login form
>>>>
>>>>I realize that in Tomcat (I'm using 4.1.3 and 4.0.1 by the way -- a
>>>>version on a prod. server and one on my desktop) that you can create the
>>>>simple table titled users and configure it in the server.xml file and then
>>>>likewise configure the web.xml file's security constraint properties.
>>>>
>>>>My question is, can you add other columns to the table and then do a join
>>>>on another table as to further enhance security?
>>>>
>>>>If so, what is involved, and how involved is it?
>>>>
>>>>Thanks!
>>>>
>>>>Barry
>>>>
>>>>---------------------------------------------------------------------
>>>>To start a new topic, e-mail: users@tomcat.apache.org
>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>--
>>>Marc Farrow
>>>
>>--
>>Marc Farrow
>>
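
An added example, not part of the original thread or written by its participants, of the arrangement discussed above: two URL patterns in one web app restricted to different roles, with role names that only have to match between the realm and web.xml. The user names, passwords, login page paths, JDBC driver class, connection URL and the user_pass column are placeholders assumed for illustration.

```xml
<!-- conf/tomcat-users.xml (file-based realm): role names are arbitrary labels -->
<tomcat-users>
  <role rolename="role1"/>
  <role rolename="role2"/>
  <!-- constructed sample users; passwords are placeholders -->
  <user username="alice" password="CHANGE_ME" roles="role1"/>
  <user username="bob"   password="CHANGE_ME" roles="role2"/>
</tomcat-users>

<!-- WEB-INF/web.xml fragment: each role-name must match the realm exactly -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restrict to role1 and role2</web-resource-name>
    <url-pattern>/welcome.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
    <role-name>role2</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restrict to role2 only</web-resource-name>
    <url-pattern>/other.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role2</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- assumed page paths; the login form posts j_username / j_password -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role><role-name>role1</role-name></security-role>
<security-role><role-name>role2</role-name></security-role>

<!-- conf/server.xml alternative: JDBCRealm reading the same role names from
     the users / user_roles tables; driver, URL and user_pass are placeholders -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.example.jdbc.Driver"
       connectionURL="jdbc:example://dbhost/authdb"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>
```

With the JDBCRealm variant, a value such as RISK stored in user_roles.role_name takes effect once web.xml names RISK in an auth-constraint and a security-role entry.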