tomcat-users mailing list archives

From zhongliang zhang <>
Subject RE: [tomcat]How to decrypt the DIGEST authentication?
Date Thu, 01 Nov 2007 01:36:24 GMT
Thanks a lot. I think I got another way to solve the group hierarchical problem, but I am not
sure about it. Maybe you can help me to confirm it. I wrote the SQL as follows:

    create or replace view groupview as
    select
        usertable.username,
        decode(usertable.locked, 0, 'Authorizers', 'UnAuthorizers') as groupname
    from usertable

where in the usertable there is a field named locked that indicates whether the user is
locked. So now I can allow everyone in the database to log in to the system if the user is
Authorizers, and I judge the user's role. The reason I do so is because there are existing
APIs for doing all this and there are more than a thousand users in the database, though the
userid and groupid are never the same.

Now I got another problem: the password stored in the database is encrypted, which is a
common way, but the encrypting method is not using some SQL script but SHA. So, how can I
parse the clear text that I input to a SHA password and then compare it with that stored in
the database? Is there a way that I can capture the clear-text password and use SHA to encode
it, then compare it with the password stored in the database?

Thanks in advance!

> Date: Wed, 31 Oct 2007 10:51:42 +0000
> From:
> To:
> Subject: Re: [tomcat]How to decrypt the DIGEST authentication?
>
> zhongliang zhang wrote:
> > But the application allows creating new group, how do I solve this problem?
>
> What problem? You need to say what the problem is if we are going to be
> able to help.
>
> web.xml doesn't support the dynamic addition of new groups. Further, the
> Realm doesn't understand the concept of hierarchical groups.
>
> > Only the member of group "administrators" have access to the administrative
> > page, and other groups, like "groupA", "groupB", ... the member of which only
> > have rights to login to the common. In the web.xml, I configure like the
> > following:
> >
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>all</web-resource-name>
> >     <url-pattern>/admin</url-pattern>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <role-name>Administrators</role-name>
> >   </auth-constraint>
> > </security-constraint>
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>all</web-resource-name>
> >     <url-pattern>/common</url-pattern>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <role-name>??????</role-name>
> >   </auth-constraint>
> > </security-constraint>
> >
> > <login-config>
> >   <auth-method>DIGEST</auth-method>
> >   <realm-name>JDBCRealm</realm-name>
> > </login-config>
> >
> > How should I configure the "??????" part? And furthermore, it has an
> > inherency relationship between groups. If "Administrators" group contains
> > "groupA", then the members of "groupA" have the administrative privilege,
> > too. That means a group's member can be either a group or a user. In the
> > former situation, it does a tree-search to check whether a user belongs to
> > the "Administrators" group. Now, if I use a configuration file, how did I do
> > this check?
>
> There is, however, a way around this. It should be OK for small (few
> thousand groups and users) but it might not scale very well. The SQL below
> is non-optimal but it should give you the idea.
>
> Use <role-name>Non-Administrators</role-name> for the common area.
>
> You'll need to modify your server-side SQL some. Again, I don't have an
> Oracle instance to test with so I am going from memory / Google. The syntax
> may not be quite right. This assumes that your groupids are never the same
> as your userids.
>
> CREATE or REPLACE VIEW vAdminGroups AS
> SELECT groupid
> FROM grouptable
> START WITH groupname='Administrators'
> u.userid as userid, username, 'Administrators' as groupname
> FROM usertable u, vAdminGroups g
> WHERE u.userid = g.userid;
>
> CREATE or REPLACE VIEW vNonAdminUsers AS
> SELECT username, 'NonAdministrators' as groupname
> FROM usertable
> WHERE userid NOT IN (SELECT userid from vAdminUsers);
>
> CREATE or REPLACE VIEW vUserRole AS
> SELECT * FROM vAdminUsers
> UNION
> SELECT * FROM vNonAdminUsers;
>
> Hope this helps.
>
> Mark
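
Added example, not part of the original messages: the thread combines a DIGEST login-config with passwords stored as SHA hashes. Under HTTP Digest (RFC 2617) the browser never sends the clear-text password, so the server has nothing to hash and compare; the sketch below shows which stored value each scheme can verify. The user name, password, nonce values and the choice of unsalted SHA-1 hex for the database column are constructed assumptions.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # RFC 2617 A1 hash: the only password-derived value a DIGEST server needs.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # What the browser sends in place of the password (qop=auth form).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify_digest(stored_ha1, response, method, uri, nonce, nc, cnonce):
    # Server side of DIGEST: recompute the response from the stored HA1.
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

def verify_cleartext(stored_sha_hex, presented_password):
    # BASIC/FORM path: the server receives the clear text, hashes it, compares.
    candidate = hashlib.sha1(presented_password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, stored_sha_hex.lower())

def demo():
    # Constructed sample values; realm and URI reuse the names in the web.xml above.
    user, realm, password = "alice", "JDBCRealm", "s3cret"
    req = dict(method="GET", uri="/common", nonce="dcd98b7102dd2f0e",
               nc="00000001", cnonce="0a4f113b")
    sha_column = hashlib.sha1(password.encode("utf-8")).hexdigest()  # assumed DB format
    ha1_column = ha1(user, realm, password)                          # what DIGEST needs
    response = digest_response(ha1(user, realm, password), **req)    # browser side
    return {
        "digest_with_ha1_column": verify_digest(ha1_column, response, **req),
        "digest_with_sha_column": verify_digest(sha_column, response, **req),
        "cleartext_with_sha_column": verify_cleartext(sha_column, password),
        "cleartext_wrong_password": verify_cleartext(sha_column, "guess"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A SHA column can only be checked when the login method delivers the clear text to the server (BASIC or FORM, over TLS); for DIGEST the stored value has to be MD5(username:realm:password).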