On 26/05/2021 18:56, Mark Thomas wrote:
On 26/05/2021 12:00, Carsten Klein wrote:
<snip/>
Why does UserDatabaseRealm pass a userPrincipal of type
UserDatabasePrincipal? Can't we just drop that and do it like
JNDIRealm or DataSourceRealm?
I don't see any obvious reason. I'll do some digging in the source
history to see if I can find out why. Absent a good reason, I'd say drop
it.
There is a good reason for it, but I think it should be possible to drop it.
It is there because the UserDatabaseRealm supports the concepts of
groups. Users can have roles assigned directly or users can be assigned
to a group and inherit the roles of the group. This means hasRole() is a
little more complicated and the UserDatabasePrincipal is used to
determine if this additional processing is required.
I think this could be replaced by a
"org.apache.catalina.realm.UserDatabaseRealm.groups" attribute which
would remove the need for the dedicated UserDatabasePrincipal
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org