tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stéphanie Cettou <s.cet...@gmail.com>
Subject Re: Windows Local user Login
Date Thu, 01 Apr 2010 14:19:37 GMT
Thanks!!!
Now, I have a best idea.

I will "analyse" all this for the next week.

A very big Thanks!
Stéphanie



2010/4/1 Christopher Schultz <chris@christopherschultz.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Stéphanie,
>
> On 4/1/2010 3:12 AM, Stéphanie Cettou wrote:
>> - the webapp running in a Microsoft Windows 2003 Server environment.
>> Active directory is NOT use in this server.
>
> Got it.
>
>> - Actually the users authenticate with a user/passwords/roles in a SQL
>> 2000 Database.
>
> Perfect! There's no reason to mess around with AD/NTLM/Kerberos or any
> of that stuff: just use a standard Realm that ships with Tomcat to
> authenticate against a JDBC user database.
>
> Uh, does "SQL 2000 Database" really mean "Microsoft SQL Server 2000"?
>
>> <Realm  className="org.apache.catalina.realm.JDBCRealm"
>
> I highly recommend that you do *not* use JDBCRealm, as this realm is
> "effectively single-threaded" according to the Tomcat developers.
> Consider using DataSourceRealm instead, which uses a pool of JDBC
> connections to perform authentication.
>
>>              driverName="net.sourceforge.jtds.jdbc.Driver"
>
> If you're running Microsoft SQL Server, you should probably be using the
> Microsoft JDBC driver. Although, I did look up jTDS and it looks like
> it's a decent driver.
>
>>              userTable="Users" userNameCol="UserId" userCredCol="Password"
>>              userRoleTable="UsersFeatures" roleNameCol="FeatureID" />
>>
>> like standard tomcat authentication.
>
> Okay, great. It wasn't clear that you had an acceptable authentication
> solution already implemented.
>
>> But, I need to change to implement my goal...
>>
>> c) Can you use your own database? Yes (but I must to be implement
>> complex authentication)
>
> I see. Let's go to your previous message:
>
>> - Check type of password (more that 8 char, special char,...)
>
> Tomcat does not provide any way to change passwords, so you'll have to
> implement these items yourself in your password-change code.
>
>> - Ask new password every month (from the web site)
>
> Again, you'll have to implement this yourself.
>
>> - Block the user after 3 failed login
>
> Tomcat does not implement this until recent versions of Tomcat 6.x. Are
> you able to upgrade to the latest Tomcat 6.x? You can use LockOutRealm
> to do /some/ kind of blocking (I'm not sure exactly what your
> requirements are, and I'm not sure exactly what the LockOutRealm does to
> enforce the locking).
>
>> - Block inactive user (ex after 90 days)
>
> Tomcat does not do this, either: you'll have to either use your own
> authentication system (such as securityfilter
> http://securityfilter.sourceforge.net along with your own Realm
> implementation that includes additional data-checking during the login)
> or in some other way.
>
> We implement features like the above in our project by using
> securityfilter with a custom Realm, plus a "credential Filter" which
> checks password age and user status, and then does things like redirect
> all requests to the "change password" page if you need to change your
> password, etc.
>
> Perhaps something like that would work for you.
>
> Hope that helps,
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAku0oRYACgkQ9CaO5/Lv0PComwCfb/JwX0d2yDh8SvUVoteSh+lM
> d4QAoJLrIaWZCzFApoB9uHS/G//4i+K4
> =cSNG
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message