[ http://nagoya.apache.org/jira/browse/GERONIMO-409?page=comments#action_54899 ] Aaron Mulder commented on GERONIMO-409: ---------------------------------------
Also, the configuration for this realm needs to include the driver class name. In general, if the driver is not explicitly loaded, it won't be available and the connection attempt will fail. > SQLSecurityRealm/SQLLoginModule needs overhaul > ---------------------------------------------- > > Key: GERONIMO-409 > URL: http://nagoya.apache.org/jira/browse/GERONIMO-409 > Project: Apache Geronimo > Type: Bug > Components: security > Versions: 1.0-M2 > Reporter: Aaron Mulder > Assignee: Alan Cabrera > > The SQLSecurityRealm and SQLLoginModule do not scale. In particular, they > load all users and all groups in the security realm once when the realm is > started, and again for every login request. Imagine a database of thousands > of users/groups. > There should instead be required SQL queries to load a single password given > a username, and to load a list of groups for a single user given a username. > Then there can be optional SQL queries to load a list of all users or to load > a list of all groups, though we still shouldn't care who the group members > are. > Also, it appears that the digesting features provided by > SQLSecurityRealmPasswordDigested are never invoked, so that class has no > effect. It seems like the best way to implement digesting would be to make > the basic SQLLoginModule take a digest algorithm argument. If present, the > SQLLoginModule could instantiate and use a digester on the incoming password > (and if not, not). Then we don't need any extra class for it, and you could > enable digesting simply by adding a login module configuration option. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://nagoya.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira
