Re: Best Practices for JNDI DataSources/Authentication

2008-03-05 Thread Felix Schumacher 
On Thu, March 6, 2008 1:40 am, pbdavey wrote:
>
> I've been looking through a lot of tutorials regarding using JNDI for
> datasources and ldap authentication and was wondering if someone could
> explain things.
>
> Most of what I've come across has authentication completely seperate from
> the datasource, or, in the case of JDBCRealms, the user/credentials are
> simply stored in the database. However, almost never do people use
> database
> users, even though you can configure connection pools to not have
> username/passwords and pass them through the getConnection() method. In
> the
> few cases I've found with database users, they never mention how that
> integrates with realms. Are there best practices, technological, or
> someother reasons for this? Or am I just doing something very weird?
Hi,

I think you want to try to couple the user/password pair used for login to
get a database/resource personalized to that user.
But you should consider the password part of the user something you don't
really have. If a user is logged into a realm, you will only get an object
which tells you the name and the roles this user has (you don't get a list
of roles, but you can ask if a user has a special role).

>From there on you could personalize by using pre-configured resources for
the different roles of the user.

And please consider the password gone; maybe your realm has authenticated
your user without one (kerberos, OTP, openid, ...)

Bye
 Felix
>
> If someone could point me in the right direction, I'd very much appreciate
> it!
> --
> View this message in context:
> http://www.nabble.com/Best-Practices-for-JNDI-DataSources-Authentication-tp15863919p15863919.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Best Practices for JNDI DataSources/Authentication

2008-03-05 Thread pbdavey 

I've been looking through a lot of tutorials regarding using JNDI for
datasources and ldap authentication and was wondering if someone could
explain things.

Most of what I've come across has authentication completely seperate from
the datasource, or, in the case of JDBCRealms, the user/credentials are
simply stored in the database. However, almost never do people use database
users, even though you can configure connection pools to not have
username/passwords and pass them through the getConnection() method. In the
few cases I've found with database users, they never mention how that
integrates with realms. Are there best practices, technological, or
someother reasons for this? Or am I just doing something very weird?

If someone could point me in the right direction, I'd very much appreciate
it!
-- 
View this message in context: 
http://www.nabble.com/Best-Practices-for-JNDI-DataSources-Authentication-tp15863919p15863919.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]