Re: Absolute fields required for JDBC JNDI Realm pages in adminwebapp
Amy Roh wrote: I just committed fixes to validate only className and connectionURL and also to check either userPattern or userSearch is specified but not both. Thanks! I don't think any change to JNDIRealm is necessary since I changed admin so that it doesn't replace null values with for all configuration attributes anymore. Could you see if everything is ok now? I'll commit the changes to Tomcat 5 once I make sure it works correctly. Sounds good, but I'm afraid I won't be able to do this for about 10 days ... off on holiday early tomorrow. I'll check as soon as I get back. Would it be too late for the changes to go into TC 4.1? I still need someone to comment on other realms so I can make them more user-friendly. Thanks, Amy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Absolute fields required for JDBC JNDI Realm pages in adminwebapp
John Holman wrote: Amy Roh wrote: I just committed fixes to validate only className and connectionURL and also to check either userPattern or userSearch is specified but not both. Thanks! I don't think any change to JNDIRealm is necessary since I changed admin so that it doesn't replace null values with for all configuration attributes anymore. Could you see if everything is ok now? I'll commit the changes to Tomcat 5 once I make sure it works correctly. Sounds good, but I'm afraid I won't be able to do this for about 10 days ... off on holiday early tomorrow. I'll check as soon as I get back. Would it be too late for the changes to go into TC 4.1? It's in cvs already so it'll be in the next release 4.1.10. Have a good vacation. :-) Amy I still need someone to comment on other realms so I can make them more user-friendly. Thanks, Amy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Absolute fields required for JDBC JNDI Realm pages in adminwebapp
Amy Yes - much too strict for JNDIRealm! The only configuration attributes that should always be specified for this realm are className and connectionURL. In addition either userPattern or userSearch must be specified (but not both). Other attributes either have default values, or not specifying them is itself significant (e.g. if userPassword is not specified the realm attempts to bind as the user rather than retrieve the user's password). (Note that the realm docs on the website are out of date, but the CVS and 4.1.8+ releases have new documentation which covers all of this). In this connection, there is a problem with the admin application, which when it writes out a new version of the server.xml file converts all attributes that are unspecified by the user (e.g. in the original server.xml file) to attributes that are specified and have the empty string as their value This breaks JNDIRealm at the moment, and perhaps some other components as well (e.g. other realms). However I suspect this might be awkward to fix because of the way web forms work. If you can confirm that the admin app will continue to behave in this way (replacing null values with for all configuration attributes) then I can send you a patch for JNDIRealm to treat these values as equivalent. Configuration code in other components might also need to change - e.g. RealmBase decides whether a digest is being used by testing the value of the digest attribute against null, and throws an exception if it gets the empty string, since this is not null but not the name of a known digest algorithm either. John Amy Roh wrote: JDBC and JNDI Realms have many attributes. What's the minimum list of attributes to enable these two Realms? I'll need to know the minimum required list of attributes to validate the realm pages in admin webapp. Currently, it's validating all the fields as required which I think is too strict. Thanks, Amy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Absolute fields required for JDBC JNDI Realm pages in adminwebapp
John, Thanks for the feedback. John Holman wrote: Amy Yes - much too strict for JNDIRealm! I agree! The only configuration attributes that should always be specified for this realm are className and connectionURL. In addition either userPattern or userSearch must be specified (but not both). Other attributes either have default values, or not specifying them is itself significant (e.g. if userPassword is not specified the realm attempts to bind as the user rather than retrieve the user's password). (Note that the realm docs on the website are out of date, but the CVS and 4.1.8+ releases have new documentation which covers all of this). I just committed fixes to validate only className and connectionURL and also to check either userPattern or userSearch is specified but not both. In this connection, there is a problem with the admin application, which when it writes out a new version of the server.xml file converts all attributes that are unspecified by the user (e.g. in the original server.xml file) to attributes that are specified and have the empty string as their value This breaks JNDIRealm at the moment, and perhaps some other components as well (e.g. other realms). I committed fixes for this problem so that admin webapp doesn't set various properties if users don't specify them in the page. However I suspect this might be awkward to fix because of the way web forms work. If you can confirm that the admin app will continue to behave in this way (replacing null values with for all configuration attributes) then I can send you a patch for JNDIRealm to treat these values as equivalent. Configuration code in other components might also need to change - e.g. RealmBase decides whether a digest is being used by testing the value of the digest attribute against null, and throws an exception if it gets the empty string, since this is not null but not the name of a known digest algorithm either. I don't think any change to JNDIRealm is necessary since I changed admin so that it doesn't replace null values with for all configuration attributes anymore. Could you see if everything is ok now? I'll commit the changes to Tomcat 5 once I make sure it works correctly. I still need someone to comment on other realms so I can make them more user-friendly. Thanks, Amy John Amy Roh wrote: JDBC and JNDI Realms have many attributes. What's the minimum list of attributes to enable these two Realms? I'll need to know the minimum required list of attributes to validate the realm pages in admin webapp. Currently, it's validating all the fields as required which I think is too strict. Thanks, Amy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
