tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Authenticating Users
Date Sun, 22 Feb 2009 22:23:34 GMT

Which specific attributes are you seeking that are not in DataSourceRealm?
<Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
   dataSourceName="jdbc/authority"
   userTable="users" userNameCol="user_name" userCredCol="user_pass"
   userRoleTable="user_roles" roleNameCol="role_name"/>
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm

?
Martin 
______________________________________________ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business of Sender.
This transmission is of a confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not necessarily endorse content contained
within this transmission. 




> Date: Sun, 22 Feb 2009 13:47:54 -0800
> From: alan@compulsivecreative.com
> To: users@tomcat.apache.org
> Subject: Re: Authenticating Users
> 
> Gregor Schneider wrote:
> > To the OP:
> >
> > 1. May I ask what database it is you're using?
> >   
> Postgres - but a more general solution would be nice.
> > 2- I'd go for the following solution:
> >
> > Create a JSP-page accepting the credentials. The username should be
> > converted to uppercase. The password should be left as is so that
> > case-sensivity here is maintained.
> >   
> 
> That doesn't actually fit in with the Servlet CMS. I can easily decode 
> the user name and password by your mechanism. However, then I have to 
> rather extensively modify my code (covering 3 applications and 4 web 
> services) to apply the credentials. What I was looking for was a way of 
> extending what I already have.
> 
> > Don't know if I'm missing something, but to me that looks like a walk
> > in the park.
> >   
> See above. The problem is not decoding the password, but making sure 
> that the container managed security mechanism is maintained.
> 
> So far, the best suggestions that I've had are:
> 
> 1. Modify DataSourceRealm
> 2. Use secuirityfilter.
> 
>  From my point of view, as I don't use hashed passwords at the moment 
> the easiest thing to do is to modify the DataSourceRealm as suggested by 
> Mark Thomas. However, I think that the ability to extend the login 
> system to use either a user name or an email address would probably be 
> useful for other people. I'll give it some thought.
> 
> Regards
> 
> Alan
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> > Rgds
> >
> > Gregor
> >   
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

_________________________________________________________________
Windows Live™ Hotmail®…more than just e-mail. 
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_howitworks_022009
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message