tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Chaney <a...@compulsivecreative.com>
Subject Re: Authenticating Users
Date Sun, 22 Feb 2009 21:47:54 GMT
Gregor Schneider wrote:
> To the OP:
>
> 1. May I ask what database it is you're using?
>   
Postgres - but a more general solution would be nice.
> 2- I'd go for the following solution:
>
> Create a JSP-page accepting the credentials. The username should be
> converted to uppercase. The password should be left as is so that
> case-sensivity here is maintained.
>   

That doesn't actually fit in with the Servlet CMS. I can easily decode 
the user name and password by your mechanism. However, then I have to 
rather extensively modify my code (covering 3 applications and 4 web 
services) to apply the credentials. What I was looking for was a way of 
extending what I already have.

> Don't know if I'm missing something, but to me that looks like a walk
> in the park.
>   
See above. The problem is not decoding the password, but making sure 
that the container managed security mechanism is maintained.

So far, the best suggestions that I've had are:

1. Modify DataSourceRealm
2. Use secuirityfilter.

 From my point of view, as I don't use hashed passwords at the moment 
the easiest thing to do is to modify the DataSourceRealm as suggested by 
Mark Thomas. However, I think that the ability to extend the login 
system to use either a user name or an email address would probably be 
useful for other people. I'll give it some thought.

Regards

Alan
















> Rgds
>
> Gregor
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message