On Thu, March 6, 2008 1:40 am, pbdavey wrote: > > I've been looking through a lot of tutorials regarding using JNDI for > datasources and ldap authentication and was wondering if someone could > explain things. > > Most of what I've come across has authentication completely seperate from > the datasource, or, in the case of JDBCRealms, the user/credentials are > simply stored in the database. However, almost never do people use > database > users, even though you can configure connection pools to not have > username/passwords and pass them through the getConnection() method. In > the > few cases I've found with database users, they never mention how that > integrates with realms. Are there best practices, technological, or > someother reasons for this? Or am I just doing something very weird? Hi,
I think you want to try to couple the user/password pair used for login to get a database/resource personalized to that user. But you should consider the password part of the user something you don't really have. If a user is logged into a realm, you will only get an object which tells you the name and the roles this user has (you don't get a list of roles, but you can ask if a user has a special role). >From there on you could personalize by using pre-configured resources for the different roles of the user. And please consider the password gone; maybe your realm has authenticated your user without one (kerberos, OTP, openid, ...) Bye Felix > > If someone could point me in the right direction, I'd very much appreciate > it! > -- > View this message in context: > http://www.nabble.com/Best-Practices-for-JNDI-DataSources-Authentication-tp15863919p15863919.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
