tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Chaney <>
Subject Re: Authenticating Users
Date Sun, 22 Feb 2009 21:47:54 GMT
Gregor Schneider wrote:
> To the OP:
> 1. May I ask what database it is you're using?
Postgres - but a more general solution would be nice.
> 2- I'd go for the following solution:
> Create a JSP-page accepting the credentials. The username should be
> converted to uppercase. The password should be left as is so that
> case-sensivity here is maintained.

That doesn't actually fit in with the Servlet CMS. I can easily decode 
the user name and password by your mechanism. However, then I have to 
rather extensively modify my code (covering 3 applications and 4 web 
services) to apply the credentials. What I was looking for was a way of 
extending what I already have.

> Don't know if I'm missing something, but to me that looks like a walk
> in the park.
See above. The problem is not decoding the password, but making sure 
that the container managed security mechanism is maintained.

So far, the best suggestions that I've had are:

1. Modify DataSourceRealm
2. Use secuirityfilter.

 From my point of view, as I don't use hashed passwords at the moment 
the easiest thing to do is to modify the DataSourceRealm as suggested by 
Mark Thomas. However, I think that the ability to extend the login 
system to use either a user name or an email address would probably be 
useful for other people. I'll give it some thought.



> Rgds
> Gregor

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message