RE: Implementing Realm

Wed, 08 Dec 2004 01:30:36 -0800 

Sorry if I'm being stupid, but it simply doesn't match my experiences.

I'm using tomcat 4.1.30 as it is with standard MemoryRealm implementation. The username/passwords are created using the tomcat-users.xml, but If I change these without restarting tomcat the usernames and passwords are not being updated.

Example:

I enter a webapp with security constraints with my old password: "xxx"
Then I change the user-role element in conf/tomcat-users.xml so that the password is now: "yyy"
I start a new browser. In order to get a new client. Enter the new password... No entrance. Entering the old password gives a much better result though...

in server.xml there is a userdatabase element, that is documented as a
<!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->

In the implementation (MemoryUserDatabase.java) there is no sign what so ever that it detects an update in the tomcat-users.xml file. The first method used is findUser(...) that just returns a value from a HashMap...

Regards

Morten



At 14:50 07-12-2004, you wrote:

Hi,
Yeah, I'm sure.  It's easy to see using the Admin webapp.

Yoav Shapira http://www.yoavshapira.com


>-----Original Message-----
>From: Morten Andersen [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, December 07, 2004 4:50 AM
>To: Tomcat Users List
>Subject: RE: Implementing Realm
>
>At 16:10 17-11-2004, you wrote:
>>Note that all of Tomcat's built-in Realms support runtime changes to
the
>>data store, be it a file or a database.
>
>Are you sure. MemoryRealm seems only to be updated as Tomcat is
restarted.
>
>
>Morten Andersen
>Master of applied mathematics and computer science
>Associate professor
>
>The Maersk Institute of Production technology at Southern Danish
University
>www.mip.sdu.dk
>Campusvej 55
>DK-5230 Odense M
>Denmark
>+45 65 50 36 54
>+45 61 71 11 03
>Jabber id: [EMAIL PROTECTED]
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Morten Andersen
Master of applied mathematics and computer science
Associate professor

The Maersk Institute of Production technology at Southern Danish University www.mip.sdu.dk
Campusvej 55
DK-5230 Odense M
Denmark
+45 65 50 36 54
+45 61 71 11 03
Jabber id: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to