[ http://nagoya.apache.org/jira/browse/GERONIMO-409?page=comments#action_55707 ]

Aaron Mulder commented on GERONIMO-409:
---------------------------------------

Now the changes just need to go into the SQLLoginModule. The driver part has been fixed, so the queries just need to be updated to be on a per-user basis.

> SQLSecurityRealm/SQLLoginModule needs overhaul
> ----------------------------------------------
>
>          Key: GERONIMO-409
>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-409
>      Project: Apache Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Assignee: Alan Cabrera
>
> The SQLSecurityRealm and SQLLoginModule do not scale. In particular, they
> load all users and all groups in the security realm once when the realm is
> started, and again for every login request. Imagine a database of thousands
> of users/groups.
> There should instead be required SQL queries to load a single password given
> a username, and to load a list of groups for a single user given a username.
> Then there can be optional SQL queries to load a list of all users or to load
> a list of all groups, though we still shouldn't care who the group members
> are.
> Also, it appears that the digesting features provided by
> SQLSecurityRealmPasswordDigested are never invoked, so that class has no
> effect. It seems like the best way to implement digesting would be to make
> the basic SQLLoginModule take a digest algorithm argument. If present, the
> SQLLoginModule could instantiate and use a digester on the incoming password
> (and if not, not). Then we don't need any extra class for it, and you could
> enable digesting simply by adding a login module configuration option.
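
The design requested in the issue, as an added example that is not part of the original message and is not Geronimo code: a login check that runs one parameterized query for the user's password and one for that user's groups, with an optional digest algorithm applied to the incoming password. It is written in Python with sqlite3 so that it runs stand-alone; the table names, column names, query strings and the make_db/login functions are assumptions made for illustration, and the rows are constructed sample data.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical per-user queries; the issue does not give a schema.
USER_SELECT = "SELECT password FROM users WHERE username = ?"
GROUP_SELECT = "SELECT groupname FROM user_groups WHERE username = ?"


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE user_groups (username TEXT, groupname TEXT)")
    # alice's password is stored as a SHA-256 hex digest, bob's as plain text.
    digest = hashlib.sha256(b"s3cret").hexdigest()
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", digest))
    db.execute("INSERT INTO users VALUES (?, ?)", ("bob", "plaintext-pw"))
    db.executemany(
        "INSERT INTO user_groups VALUES (?, ?)",
        [("alice", "admin"), ("alice", "staff"), ("bob", "staff")],
    )
    return db


def login(db, username, password, digest_algorithm=None):
    """Return the user's sorted group list on success, or None on failure.

    Each login runs at most two single-user queries; no other user's
    password or group membership is ever loaded.
    """
    # The username is bound as a parameter, never concatenated into the SQL.
    row = db.execute(USER_SELECT, (username,)).fetchone()
    if row is None:
        return None
    presented = password
    if digest_algorithm:  # optional login-module option, as the issue proposes
        presented = hashlib.new(digest_algorithm, password.encode()).hexdigest()
    # Constant-time comparison of the presented and stored values.
    if not hmac.compare_digest(presented.encode(), row[0].encode()):
        return None
    return sorted(g for (g,) in db.execute(GROUP_SELECT, (username,)))
```

A bare digest of the password, which is what the proposed option computes, is unsalted; the sample keeps to that design rather than substituting a password-hashing scheme.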
