[ http://issues.apache.org/jira/browse/GERONIMO-409?page=all ]
David Blevins updated GERONIMO-409:
-----------------------------------
    Fix Version: 1.0
                 (was: 1.0-M5)

> SQLSecurityRealm/SQLLoginModule needs overhaul
> ----------------------------------------------
>
>          Key: GERONIMO-409
>          URL: http://issues.apache.org/jira/browse/GERONIMO-409
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Priority: Critical
>      Fix For: 1.0
>
> The SQLSecurityRealm and SQLLoginModule do not scale. In particular, they
> load all users and all groups in the security realm once when the realm is
> started, and again for every login request. Imagine a database of thousands
> of users/groups.
> There should instead be required SQL queries to load a single password given
> a username, and to load a list of groups for a single user given a username.
> Then there can be optional SQL queries to load a list of all users or to load
> a list of all groups, though we still shouldn't care who the group members
> are.
> Also, it appears that the digesting features provided by
> SQLSecurityRealmPasswordDigested are never invoked, so that class has no
> effect. It seems like the best way to implement digesting would be to make
> the basic SQLLoginModule take a digest algorithm argument. If present, the
> SQLLoginModule could instantiate and use a digester on the incoming password
> (and if not, not). Then we don't need any extra class for it, and you could
> enable digesting simply by adding a login module configuration option.
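
The per-user lookup and optional digest option described in the issue above, as an added example (not Geronimo code, and written in Python with sqlite3 rather than as the Java login module). The table names, the two queries and the `login` and `build_sample_db` helpers are assumptions made for illustration, and the users are constructed sample data.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical schema and queries; a real realm would take these as configuration.
USER_SELECT = "SELECT password FROM users WHERE username = ?"
GROUP_SELECT = "SELECT groupname FROM user_groups WHERE username = ? ORDER BY groupname"


def login(conn, username, password, digest_algorithm=None):
    """Return the user's groups on success, or None on failure.

    Runs one password query and one group query for this user only,
    instead of loading every user and group on each login request.
    """
    row = conn.execute(USER_SELECT, (username,)).fetchone()
    if row is None:
        return None
    stored = row[0]
    presented = password
    if digest_algorithm:
        # Digest the incoming password only when the option is set; the
        # stored column is then expected to hold the hex digest.
        presented = hashlib.new(digest_algorithm, password.encode("utf-8")).hexdigest()
    # Constant-time comparison of the presented and stored values.
    if not hmac.compare_digest(presented.encode("utf-8"), stored.encode("utf-8")):
        return None
    return [g for (g,) in conn.execute(GROUP_SELECT, (username,))]


def build_sample_db(digest_algorithm=None):
    """Constructed in-memory database with two users, for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE user_groups (username TEXT, groupname TEXT)")
    sample = [("alice", "s3cret", ["admin", "dev"]), ("bob", "hunter2", ["dev"])]
    for user, pw, groups in sample:
        if digest_algorithm:
            pw = hashlib.new(digest_algorithm, pw.encode("utf-8")).hexdigest()
        conn.execute("INSERT INTO users VALUES (?, ?)", (user, pw))
        conn.executemany("INSERT INTO user_groups VALUES (?, ?)", [(user, g) for g in groups])
    return conn


if __name__ == "__main__":
    db = build_sample_db("sha256")
    print(login(db, "alice", "s3cret", "sha256"))
    print(login(db, "alice", "wrong", "sha256"))
```

If the digest option is left off while the column holds digests, the comparison fails and the login is rejected, which is the misconfiguration most likely to show up when the option is first enabled.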