It seems that in 3.2.x version of JDBCRealm, it does query the DB every
time. The username is stored in the session but not the roles.
This was, however, fixed in the 3.3 series and the code is also much
cleaner. In 3.3.x, both the username and the roles are stored in the
session.
I might be wrong, but that's what I got by looking at the code.
Christian
-----Original Message-----
From: Nathan Coast [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 9:54 AM
To: tomcat user
Subject: JDBC Realm & Roles
Hi,
Is the user-role information obtained via a JDBCRealm stored against a
session?
If not, each attempt to access a secured resource must result in a hit on
the
database - surely this would be bad for performance. The downside of
storing
the role info is that if a users role changes during a session, they will
not
obtain their updated role information until they next login.
Can anyone shed any light on this?
Thanks in advance
Nathan
