Thanks a lot.I think I got another way to solve the group hierarchical
problem,but I am not sure about it. maybe you can help me to confirm it:I wrote
the SQL as followed:create or replace view groupview asselect
usertable.username,
decode(usertable.locked,0,'Authorizers','UnAuthorizers') as groupnamefrom
usertablewhere in the usertable there is a field named locked that indicates
whether the user is locked. so now I can allow everyone in the database to
login to the system if the user is Authorizers,and I judge the user's role.The
reason I do so is because there are existed API for doing all these and there
are more than thousand users in the database,though the userid and groupid
never be the same.Now I got another problem,the password stored in the database
is encrypted,which is a common way,but the encrypting method is not using some
sql script but SHA.So,How can I parse the clear-text that I input to SHA
password and then compare with that stored
in the database? Is there a way that I can capture the clear-text password
and using SHA to encode it then compare it with the password stored in the
database?
thanks in advance!
> Date: Wed, 31 Oct 2007 10:51:42 +0000> From: [EMAIL PROTECTED]> To:
> users@tomcat.apache.org> Subject: Re: [tomcat]How to decrypt the DIGEST
> authentication?> > zhongliang zhang wrote:> >> But the application allows
> creating new group,how do I solve this problem?> > What problem? You need to
> say what the problem is if we are going to be> able to help.> > web.xml
> doesn't support the dynamic addition of new groups. Further, the> Realm
> doesn't understand the concept of hierarchical groups.> > > Only the member
> of group "administrators" have access to the adminitrative page,and other
> groups,like "groupA","groupB",... the member of which only have rights to
> login to the common page.so in the web.xml,I configure like the following:> >
> <security-constraint> <web-resource-collection>
> <web-resource-name>all</web-resource-name> <url-pattern>/admin</url-pattern>
> </web-resource-collection> <auth-constraint>
> <role-name>Administrators</role-name> </auth-constraint>
> </security-constraint> <s
ecurity-constraint> <web-resource-collection>
<web-resource-name>all</web-resource-name> <url-pattern>/common</url-pattern>
</web-resource-collection> <auth-constraint> <role-name>??????</role-name>
</auth-constraint> </security-constraint>> > <login-config>
<auth-method>DIGEST</auth-method> <realm-name>JDBCRealm</realm-name>
</login-config>> > > > How should I configure the "??????" part? and further
more,It has a inherency relationship between groups, If "Administrators" group
contains "groupA",then the members of "groupA" have the administrative
privilege,too. That means a group's member can be either a group or a user.In
the former situation,It does a tree-search to check whether a user belongs to
the "Administrators" group,now,if I use a configuration file,how did I do this
check?> > There is, however, a way around this. It should be OK for small (few>
thousand groups and users) but it might not scale very well. The SQL below> is
non-optimal but it should give you the i
dea.> > Use <role-name>Non-Administrators</role-name> for the common area.> >
You'll need to modify your server-side SQL some. Again, I don't have an> Oracle
instance to test with so I am going from memory / Google. The syntax> may not
be quite right. This assumes that your groupids are never the same> as your
userids.> > CREATE or REPLACE VIEW vAdminGroups AS> SELECT groupid> FROM
grouptable> START WITH groupname='Administrators'> CONNECT BY PRIOR
userid=groupid;> > CREATE or REPLACE VIEW vAdminUsers AS> SELECT u.userid as
userid, username, 'Administrators' as groupname> FROM usertable u, vAdminGroups
g> WHERE u.userid = g.userid;> > CREATE or REPLACE VIEW vNonAdminUsers AS>
SELECT username, 'NonAdministrators' as groupname> FROM usertable> WHERE userid
NOT IN (SELECT userid from vAdminUsers);> > CREATE or REPLACE VIEW vUserRole
AS> SELECT * FROM vAdminUsers> UNION> SELECT * FROM vNonAdminUsers;> > Hope
this helps.> > Mark> > > ----------------------------------------------
-----------------------> To start a new topic, e-mail:
users@tomcat.apache.org> To unsubscribe, e-mail: [EMAIL PROTECTED]> For
additional commands, e-mail: [EMAIL PROTECTED]>
_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces.
It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us