group-to-role mapping

2005-03-07 Thread Bill Schneider
Hello,
Are any plans in the works for Tomcat to support the concept of mapping 
J2EE security-roles (as defined in web.xml) to one or more groups, where 
a group is an entity in an LDAP/RDBMS/XML security store that may be 
shared by multiple applications?

Right now, Tomcat supports a one-to-one mapping via the 
security-role-ref element in web.xml, but it's not clear whether 
there's a way to map a role to *multiple* shared groups... for instance, 
a create-employee role might be mapped to both the HR group and the 
Superuser group.

This seems to be supported in WebLogic 8.1, Oracle 9iAS/10g, and SunONE.
Not sure about JBoss or WebSphere.

Or am I just overlooking something simple?
-- Bill
--
Bill Schneider
Chief Architect
Vecna Technologies
5004 Lehigh Rd., Suite B
College Park, MD 20740
[EMAIL PROTECTED]
t: 301-864-7253 x1140
f: 301-699-3180
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


UserDatabase implementations

2003-08-18 Thread Bill Schneider
Are there plans to have JDBC or JNDI/LDAP implementations of 
org.apache.catalina.UserDatabase?

This would be very useful, as webapps often have to perform actions 
beyond what J2EE APIs provide (get all users in group, get all groups, 
add users/groups/membership).  The advantages would be twofold: you 
would only have to configure your user store once in server.xml; and if 
you change between XML, JDBC or LDAP user stores at the server level, 
you don't have to touch your application-level configuration.

Or am I misreading the whole purpose of J2EE container authentication? 
Should J2EE authentication be reserved for server administration-level 
applications like the manager, and should we use a different system for 
application-level access and authentication altogether?

--
Bill Schneider
Software Architect
Vecna Technologies, Inc.
5004 Lehigh Road, Suite B
College Park, MD 20740
[EMAIL PROTECTED]
t: 301-864-7594
f: 301-699-3180




NullPointerException from incorrect JDBCRealm setup

2002-12-07 Thread Bill Schneider
Hi,

I used Realms for the first time today with Tomcat 4.0.6.   I noticed that,
if you don't specify the userCredCol attribute correctly with the
JDBCRealm (for example, accidentally calling it userCredColumn), you end
up with a not-too-descriptive NullPointerException.  (JDBCRealm line 389 in
Tomcat 4.0.6.)

Tracking this down in the source, it appears that if you don't specify the
userCredCol attribute, the following SQL query results:

SELECT null FROM user_table WHERE username_column = ?

This is a valid query and won't throw a SQLException.  If the user exists,
the query returns a row, but with null instead of the password.  The call
to rs.getString(1).trim() then throws the NullPointerException.

It would be useful for JDBCRealm to instead throw an exception sooner if
either of the critical parameters is not set properly.   This would enable
a more useful error message to be logged.

-- Bill
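
The failure mode and the fail-fast check described in the message above, as an added example that is not part of the original post and is not Tomcat's JDBCRealm code. The class and method names and the `password_column` value are hypothetical; the attribute names, table name and user-name column are the ones quoted in the message.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class RealmConfigCheck {

    // Naive construction: a null column name is concatenated as the literal "null".
    static String naiveQuery(String table, String nameCol, String credCol) {
        return "SELECT " + credCol + " FROM " + table + " WHERE " + nameCol + " = ?";
    }

    // Fail-fast construction: refuse to build the query if a required attribute is unset.
    static String checkedQuery(Map<String, String> attrs) {
        for (String required : new String[] {"userTable", "userNameCol", "userCredCol"}) {
            String value = attrs.get(required);
            if (value == null || value.trim().isEmpty()) {
                throw new IllegalStateException(
                    "Realm attribute '" + required + "' is not set; configured attributes: "
                    + attrs.keySet());
            }
        }
        return naiveQuery(attrs.get("userTable"), attrs.get("userNameCol"),
                          attrs.get("userCredCol"));
    }

    public static void main(String[] args) {
        // Constructed sample configuration with the typo from the message: userCredColumn.
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("userTable", "user_table");
        attrs.put("userNameCol", "username_column");
        attrs.put("userCredColumn", "password_column"); // hypothetical column name

        // Without validation the result is valid SQL that selects a NULL literal.
        System.out.println(naiveQuery(attrs.get("userTable"),
                attrs.get("userNameCol"), attrs.get("userCredCol")));

        // With validation the misconfiguration is reported by name before any login attempt.
        try {
            checkedQuery(attrs);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }

        // Correctly named attribute: the query selects the credential column.
        attrs.remove("userCredColumn");
        attrs.put("userCredCol", "password_column");
        System.out.println(checkedQuery(attrs));
    }
}
```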

