Am Dienstag, 2. Oktober 2001 19:04 schrieben Sie: [...] > > > I am writing some general support classes to manage users and > > roles. To support a call like addUser() I need to know which > > security manager is in use so I can do the right thing. > > Doing things like checking for tomcat-usrs.xml or a particular > > security class don't seem adequate. > > You should not be using MemoryRealm for a production application. > > A completely separate approach would be to write a regular webapp that > talks directly to the underlying database (or directory server) containing > your authentication data. Any new user that you add, for example, is > immediately recognized -- there is no real reason to mess around with the > internal Realm implementation class at all.
We needed for a project the abbility to show the user why the athentification wasn´t succesful (wrong passwd, unknown username,...). And after three failed tries the account should be disabled. For the first problem we found no easy solution, the second problem was solved by hacking the JDBCRealm. Is this a "real reason" to mess around with the internal Realm? Or we´ve taken the wrong way? Greetings Martin
