Hi.
I have a question relating to your thread (at least in my mind) : is there a
standard, easy way to reread roles for an authenticated user ?
The use case is as follow : I implement JSON web tokens (JWT) as a valve,
generating it after the container performed authentication and restoring
pri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Roger,
On 12/31/16 2:30 PM, Roger Marquis wrote:
>>> Do we also need to derive the algorithm, saltLength and
>>> iterations from server.xml?
>>
>> Nope. If you follow what's in that presentation starting on slide
>> 29,
>
> This is the design elem
Christopher Schultz wrote:
The code has already been written.
http://people.apache.org/~schultz/ApacheCon%20NA%202016/Seamless%20Upgra
des%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
Read the whole thing, but what you are really interested in starts on
slide #29.
Maybe it's just me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Roger,
On 12/22/16 10:11 PM, Roger Marquis wrote:
>>> I have a change-password form that must validate the current
>>> user's password and am unable to find a Tomcat (8.0) method to
>>> use for this. It's not in FormAuthenticator or any other class
I have a change-password form that must validate the current
user's password and am unable to find a Tomcat (8.0) method to use
for this. It's not in FormAuthenticator or any other class I could
find. Pointers would be appreciated.
It's complicated, but you can do it. What exact version of Tomc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Roger,
On 12/22/16 3:44 PM, Roger Marquis wrote:
> I have a change-password form that must validate the current
> user's password and am unable to find a Tomcat (8.0) method to use
> for this. It's not in FormAuthenticator or any other class I could
I have a change-password form that must validate the current user's
password and am unable to find a Tomcat (8.0) method to use for this.
It's not in FormAuthenticator or any other class I could find. Pointers
would be appreciated.
Roger
-
