Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 63367 invoked from network); 7 Jul 2006 13:58:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 7 Jul 2006 13:58:24 -0000 Received: (qmail 61578 invoked by uid 500); 7 Jul 2006 13:58:15 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 61459 invoked by uid 500); 7 Jul 2006 13:58:15 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 61405 invoked by uid 99); 7 Jul 2006 13:58:14 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Jul 2006 06:58:14 -0700 X-ASF-Spam-Status: No, hits=1.1 required=10.0 tests=DNS_FROM_RFC_ABUSE,HTML_00_10,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of ferindo.middleton@gmail.com designates 64.233.182.184 as permitted sender) Received: from [64.233.182.184] (HELO nf-out-0910.google.com) (64.233.182.184) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Jul 2006 06:58:13 -0700 Received: by nf-out-0910.google.com with SMTP id m18so113544nfc for ; Fri, 07 Jul 2006 06:57:52 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=VJxA97ov9aAKhGCYZdjTttWpaHn1e13avbTkcnSODU+BSj8B9CJxlSr0axWmssKtyee0AqW+cmrw8tYzxZtqsT4EAPSEdrSu9kbtkBuXLd6/lHvSbQZ5fw/4twsCFFykmjYnk/zXAYRxSuenFPPxcH3hDUcWF8LrFVHJBlgKLCw= Received: by 10.78.156.6 with SMTP id d6mr685863hue; Fri, 07 Jul 2006 06:57:51 -0700 (PDT) Received: by 10.78.39.18 with HTTP; Fri, 7 Jul 2006 06:57:51 -0700 (PDT) Message-ID: <40cd58240607070657j33de5843o7047e18f3e1dcedb@mail.gmail.com> Date: Fri, 7 Jul 2006 09:57:51 -0400 From: "Ferindo Middleton" To: dev@tomcat.apache.org Subject: Built-in tools for implementing Container Managed Authentication MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_8251_14537872.1152280671919" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N ------=_Part_8251_14537872.1152280671919 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Are there plans to include built-in tools to better implement container managed security? I'm a application developer that uses *DataSourceRealm * realm authentication of Tomcat to have form-based authentication for the applications I build.... But my users have poor passwords and many of them have been using the same password for over a year and there is no built-in Tomcat subsystem to allow me to do such things as: 1) force users to change their passwords every now and then, 2) enforce some kind of complexity-requirement for the passwords users have so people are using "strong" passwords that are hard to guess. Are there plans to include built in tools like the above around the existing Container Managed Authentication features of tomcat to allow for such things as the above to be administered within the server with minimal user coding. I'm just a user and don't know much about Tomcat internals. This would be a really good improvement/feature for future releases. Ferindo -- Ferindo Middleton Technical Lead - Research and AUI Infrastructure Development Sleekcollar Software ------=_Part_8251_14537872.1152280671919--