Re: extending JDBCRealm
Magnus,

Check out Securityfilter: http://securityfilter.sourceforge.net/

I have submitted patches and sample (check the forums) that include the ability to get access to the IP, etc. My app currently logs successful and failed login attempts.

As for logging the user in... that's not really part of authentication or authorization, is it? I maintain that logic such as that should not be in the component that is doing your AAA.

What I have done is create a Filter that checks to see if the user's session contains my own user object. If not, I log them in and stick their user object into the session.

This setup (including Securityfilter) is completely portable across app servers if you find yourself in the unfortunate situation of having to switch.

-chris

Magnus Bergman wrote:
> Hi,
>
> I'm using the JDBCRealm to authorize users to access my applications. I would like to log users when they login or try to login to any application on my tomcat. To do this I have extended the JDBCRealm and overridden the authenticate-methods; by this I can log when and which user logs in to any application on my tomcat, but I also want to log which host/ip-number they login from.
>
> I know that information is in the HttpServletRequest, but how do I get hold of that information in my extended JDBCRealm? Or maybe there is a better way to solve this?
>
> /magnus

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
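Added example, not part of the original thread and not Securityfilter's code: a servlet Filter of the kind described in the reply above, which records the first authenticated request of each session together with the client address from the HttpServletRequest. The class name `LoginAuditFilter` and the session key are hypothetical, and it assumes the container (for example the JDBCRealm) has already authenticated the request so that `getRemoteUser()` is populated.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Logs the first authenticated request of each session with its source address. */
public class LoginAuditFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(LoginAuditFilter.class.getName());
    // Hypothetical session key remembering which user was already logged.
    private static final String AUDITED_USER = "audit.loggedUser";

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            String user = http.getRemoteUser(); // null until the container has authenticated
            if (user != null) {
                HttpSession session = http.getSession(true);
                // Log once per session and user, not on every request.
                if (!user.equals(session.getAttribute(AUDITED_USER))) {
                    session.setAttribute(AUDITED_USER, user);
                    LOG.info("login user=" + sanitize(user)
                            + " addr=" + sanitize(http.getRemoteAddr())
                            + " host=" + sanitize(http.getRemoteHost()));
                }
            }
        }
        chain.doFilter(req, res);
    }

    /** Replace control characters so a crafted username cannot forge log lines. */
    static String sanitize(String value) {
        if (value == null) return "-";
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            out.append(Character.isISOControl(c) ? '_' : c);
        }
        return out.toString();
    }
}
```

This records successful logins only: with container-managed authentication a rejected request has no remote user for the filter to see. Behind a reverse proxy, `getRemoteAddr()` returns the proxy's address rather than the client's.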
extending JDBCRealm
Hi,

I'm using the JDBCRealm to authorize users to access my applications. I would like to log users when they login or try to login to any application on my tomcat. To do this I have extended the JDBCRealm and overridden the authenticate-methods; by this I can log when and which user logs in to any application on my tomcat, but I also want to log which host/ip-number they login from.

I know that information is in the HttpServletRequest, but how do I get hold of that information in my extended JDBCRealm? Or maybe there is a better way to solve this?

/magnus
Re: Custom realm extending JDBCRealm
Hi!!

Just solved. I was using tomcat 5.5.0. I was looking at sources of 5.5.16. I suppose that the authenticate method of 5.5.0 doesn't use the getPassword method. I tried it in 5.5.16 and everything works fine.

Thanks for attention
Alessandro

On 3/24/06, Alessandro Colantoni [EMAIL PROTECTED] wrote:
> Hi all!
>
> For some reasons I had to extend JDBCRealm to overwrite the method getPassword.
>
> This is myRealm:
>
>     import org.apache.catalina.realm.JDBCRealm;
>     import org.apache.catalina.util.HexUtils;
>     import org.apache.commons.logging.Log;
>     import org.apache.commons.logging.LogFactory;
>
>     public class ManoloJDBCRealm extends JDBCRealm {
>
>         private static Log log = LogFactory.getLog(ManoloJDBCRealm.class);
>
>         // Returns the stored password re-encoded as a hex string.
>         protected String getPassword(String username) {
>             System.out.println("username=" + username);
>             String password = super.getPassword(username);
>             log.info("password=" + password);
>             String hexpassword = HexUtils.convert(password.getBytes());
>             log.info("hexpassword=" + hexpassword);
>             return hexpassword;
>         }
>     }
>
> I wrote the file mbeans-descriptors.xml:
>
>     <?xml version="1.0"?>
>     <mbeans-descriptors>
>       <mbean name="ManoloJDBCRealm"
>              description="Implementation of Realm that works with any JDBC supported database"
>              domain="Catalina"
>              group="Realm"
>              type="com.steria.tc.realm.ManoloJDBCRealm">
>         <attribute name="className"
>                    description="Fully qualified class name of the managed object"
>                    type="java.lang.String"
>                    writeable="false"/>
>         <attribute name="connectionName"
>                    description="The connection username to use when trying to connect to the database"
>                    type="java.lang.String"/>
>         <attribute name="connectionPassword"
>                    description="The connection URL to use when trying to connect to the database"
>                    type="java.lang.String"/>
>         <attribute name="connectionURL"
>                    description="The connection URL to use when trying to connect to the database"
>                    type="java.lang.String"/>
>         <attribute name="digest"
>                    description="Digest algorithm used in storing passwords in a non-plaintext format"
>                    type="java.lang.String"/>
>         <attribute name="driverName"
>                    description="The JDBC driver to use"
>                    type="java.lang.String"/>
>         <attribute name="roleNameCol"
>                    description="The column in the user role table that names a role"
>                    type="java.lang.String"/>
>         <attribute name="userCredCol"
>                    description="The column in the user table that holds the user's credentials"
>                    type="java.lang.String"/>
>         <attribute name="userNameCol"
>                    description="The column in the user table that holds the user's username"
>                    type="java.lang.String"/>
>         <attribute name="userRoleTable"
>                    description="The table that holds the relation between user's and roles"
>                    type="java.lang.String"/>
>         <attribute name="userTable"
>                    description="The table that holds user data"
>                    type="java.lang.String"/>
>         <operation name="start" description="Start" impact="ACTION" returnType="void"/>
>         <operation name="stop" description="Stop" impact="ACTION" returnType="void"/>
>         <operation name="init" description="Init" impact="ACTION" returnType="void"/>
>         <operation name="destroy" description="Destroy" impact="ACTION" returnType="void"/>
>       </mbean>
>     </mbeans-descriptors>
>
> I just copied it from the JDBCRealm and changed the type. This file is in the same package as ManoloJDBCRealm.
>
> In server.xml I put
>
>     <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
>               debug="0"
>               descriptors="/com/steria/tc/realm/mbeans-descriptors.xml"/>
>
> I've made a jar containing com/steria/tc/realm/mbeans-descriptors.xml and ManoloJDBCRealm.class, and I put it in server/lib.
>
> In my context.xml I put
>
>     <Realm className="com.steria.tc.realm.ManoloJDBCRealm" ../>
>
> I start tomcat, I get no error, but when I authenticate I don't get any of the messages of my custom getPassword(String username). The behavior is as if tomcat utilizes the JDBCRealm method.
>
> Thanks in advance
> Alessandro