Re: extending JDBCRealm
Magnus, Check out Securityfilter: http://securityfilter.sourceforge.net/ I have submitted patches and sample (check the forums) that include the ability to get access to the IP, etc. My app currently logs successful and failed login attempts. As for logging the user in... that's not really part of authentication or authorization, is it? I maintain that logic such as that should not be in the component that is doing your AAA. What I have done is create a Filter that checks to see if the user's session contains my own user object. If not, I log them in and stick their user object into the session. This setup (including Securityfilter) is completely portable across app servers if you find yourself in the unfortunate situation of having to switch. -chris Magnus Bergman wrote: Hi, I'm using the JDBCRealm to authorize users to access my applications. I would like to log users when they login or tries to login to any application on my tomcat, to do this I have extended the JDBCRealm and overridden the authenticate-methods, by this I can log when and which user login to any application on my tomcat, but I also want to log which host/ip-number they login from? I know that information is in the HttpServletRequest, but how do I get hold of that information in my extended JDBCRealm? Or maybe there is a better way to solve this? /magnus - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature
extending JDBCRealm
Hi, I'm using the JDBCRealm to authorize users to access my applications. I would like to log users when they login or tries to login to any application on my tomcat, to do this I have extended the JDBCRealm and overridden the authenticate-methods, by this I can log when and which user login to any application on my tomcat, but I also want to log which host/ip-number they login from? I know that information is in the HttpServletRequest, but how do I get hold of that information in my extended JDBCRealm? Or maybe there is a better way to solve this? /magnus - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom realm extending JDBCRealm
HI!!
Just solved.
I was using tomcat 5.5.0.
I was looking at sources of 5.5.16.
I suppose that the authenticate method of 5.5.0 doesn't use getPassord
method.
I tried it in 5.5.16 and everything works fine
Thanks for attention
Alessandro
On 3/24/06, Alessandro Colantoni [EMAIL PROTECTED] wrote:
Hi all!
For some reasons I had to extend JDBCRealm to overwrite the method
getPassword.
This is myRealm:
public class ManoloJDBCRealm extends JDBCRealm{
private static Log log = LogFactory.getLog(ManoloJDBCRealm.class);
protected String getPassword(String username) {
System.out.println(username= +username);
String password=super.getPassword(username);
log.info(password=+password);
String hexpassword=HexUtils.convert(password.getBytes());
log.info(hexpassword=+hexpassword);
return hexpassword;
}
}
I wrote the file mbeans-descriptors.xml
?xml version=1.0?
mbeans-descriptors
mbean name=ManoloJDBCRealm description=Implementation of Realm
that works with any JDBC supported database domain=Catalina group=Realm
type= com.steria.tc.realm.ManoloJDBCRealm
attribute name=className description=Fully qualified class name
of the managed object type=java.lang.String writeable=false /
attribute name=connectionName description=The connection
username to use when trying to connect to the database type=
java.lang.String /
attribute name=connectionPassword description=The connection URL
to use when trying to connect to the database type= java.lang.String /
attribute name=connectionURL description=The connection URL to
use when trying to connect to the database type=java.lang.String /
attribute name=digest description=Digest algorithm used in
storing passwords in a non-plaintext format type= java.lang.String /
attribute name=driverName description=The JDBC driver to use
type=java.lang.String /
attribute name=roleNameCol description=The column in the user
role table that names a role type= java.lang.String /
attribute name=userCredCol description=The column in the user
table that holds the user's credentials type=java.lang.String /
attribute name=userNameCol description=The column in the user
table that holds the user's username type= java.lang.String /
attribute name=userRoleTable description=The table that holds
the relation between user's and roles type=java.lang.String /
attribute name=userTable description=The table that holds user
data type= java.lang.String /
operation name=start description=Start impact=ACTION
returnType=void /
operation name=stop description=Stop impact=ACTION
returnType=void /
operation name=init description=Init impact=ACTION
returnType=void /
operation name=destroy description=Destroy impact=ACTION
returnType=void /
/mbean
/mbeans-descriptors
I just copied it form the JDBCRealm and change the type.
This file is in the same package of ManoloJDBCRealm.
In server.xml I put
Listener className=org.apache.catalina.mbeans.ServerLifecycleListener
debug=0
descriptors=/com/steria/tc/realm/mbeans-descriptors.xml/
I've done a jar with in com/steria/tc/realm/mbeans-descriptors.xml,
ManoloJDBCRealm.class
and I put it in server/lib
In my context.xml I put
Realm className = com.steria.tc.realm.ManoloJDBCRealm../
I start tomcat, I get no error, but when i authenticate I don't get one of
the message of my custom getPassword(String username). The behavior is as if
tomcat utilize the JDBCREalm method
Thanks in advance Alessandro
