Martin Gainty wrote:
Which specific attributes are you seeking that are not in DataSourceRealm?
<Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
   dataSourceName="jdbc/authority"
   userTable="users" userNameCol="user_name" userCredCol="user_pass"
   userRoleTable="user_roles" roleNameCol="role_name"/>
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm

?
To summarize

I (or, actually, my "marketing dept") have the following requirements.

1. password be case insensitive [I may be able to talk them out of this]
2. username be case insensitive.
3. email address can be used as a synonym for the user name.
4. Security managed by Tomcat CMS.

Mark T suggested that I modify DSR appropriately.
Chris Schultz pointed out correctly that it gets a bit more complicated if the pwd must be hashed.

I've looked at the code to DSR and it seems to me that the following would work.

1. add an 'alternative' userNameCol (eg altNameCol) and in the configuration as above point that at the email column.
2. in the code, IF the login fails using the 'user_name' then try it with the altNameCol.
3. to make things case insensitive simply convert the username to lower case and use a 'lower' function on the column value.
4. to make the thing a bit more flexible an additional boolean parameter 'isCaseInsensitive' could be added to select the behavior as in 3. above.

Defaults could be chosen such that the current configuration setup still works (eg the default value for isCaseInsensitive is false)

Only real gotcha that I can see for making it database independent is that the function used to create lower case is not universally 'lower()' (M/SQL appears to be toLower()) so it might be necessary to pass the string for the function name as an optional configuration parameter.

I realize that many people would advise against the idea of case insensitive passwords - however, despite my personal reservations I am willing to accept that in the case of this particular application the reduction in security is acceptable.

If hashed pwds are used then there are 3 solutions:

1. don't allow case insensitive passwords - only user names.
2. provide two columns one for lower case versions of the pwd.
3. convert all the existing password HASHES to the lower case equivalent,

but hashed passwords are not my principal concern

I've downloaded and built 6.0.18 and looked at the DSR code - doesn't look like a very big job to make the changes that I want so I may have a go tomorrow. As I use 6.0.18 I can easily test it by just patching in the .class file for DataSourceRealm on my dev. system.

Regards

Alan

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
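
An added sketch of the lookup described in the message above (not part of the original post and not Tomcat's DataSourceRealm code), written in Python with SQLite so it runs stand-alone. It shows two things the proposal has to get right: the configurable column and lower-case function names are spliced into the SQL text and so must be validated as identifiers, and with hashed credentials the case folding has to happen before hashing. The salt column, the function names, the PBKDF2 hashing and the sample rows are assumptions made for the example.

```python
import hashlib, hmac, os, re, sqlite3

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # config names get spliced into SQL

def hash_pw(password, salt, fold_case=False):
    # With hashed credentials, case folding must happen before hashing,
    # at enrollment and at login alike.
    if fold_case:
        password = password.lower()
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def authenticate(db, login, password, user_table="users", name_col="user_name",
                 alt_col="email", cred_col="user_pass", salt_col="salt",
                 lower_fn="lower", case_insensitive=True, fold_password=False):
    """Return the stored user_name on success, else None."""
    for ident in (user_table, name_col, alt_col, cred_col, salt_col, lower_fn):
        if not IDENT.match(ident):
            raise ValueError("unsafe identifier in realm config: %r" % ident)
    key = login.lower() if case_insensitive else login
    for col in (name_col, alt_col):  # user_name first, then the alternative column
        expr = "%s(%s)" % (lower_fn, col) if case_insensitive else col
        sql = "SELECT %s, %s, %s FROM %s WHERE %s = ?" % (
            name_col, cred_col, salt_col, user_table, expr)
        rows = db.execute(sql, (key,)).fetchall()  # the login value is always bound
        if len(rows) != 1:
            continue  # no match, or folding made two rows collide: refuse to guess
        name, stored, salt = rows[0]
        if hmac.compare_digest(stored, hash_pw(password, salt, fold_password)):
            return name  # canonical name, so the user_roles lookup stays exact
    return None

def demo_db(fold_password=False):
    # Constructed sample data, not taken from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT, email TEXT,"
               " user_pass BLOB, salt BLOB)")
    for name, email, pw in [("Alan", "alan@example.org", "Secret1"),
                            ("bob", "Bob@Example.org", "hunter2")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, email, hash_pw(pw, salt, fold_password), salt))
    return db
```

The application-side lower-casing and the database's lower function must agree on non-ASCII input, otherwise some accounts silently stop matching.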
