Which specific attributes are you seeking that are not in DataSourceRealm? <Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99" dataSourceName="jdbc/authority" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name"/> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm
? Martin ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. > Date: Sun, 22 Feb 2009 13:47:54 -0800 > From: a...@compulsivecreative.com > To: users@tomcat.apache.org > Subject: Re: Authenticating Users > > Gregor Schneider wrote: > > To the OP: > > > > 1. May I ask what database it is you're using? > > > Postgres - but a more general solution would be nice. > > 2- I'd go for the following solution: > > > > Create a JSP-page accepting the credentials. The username should be > > converted to uppercase. The password should be left as is so that > > case-sensivity here is maintained. > > > > That doesn't actually fit in with the Servlet CMS. I can easily decode > the user name and password by your mechanism. However, then I have to > rather extensively modify my code (covering 3 applications and 4 web > services) to apply the credentials. What I was looking for was a way of > extending what I already have. > > > Don't know if I'm missing something, but to me that looks like a walk > > in the park. > > > See above. The problem is not decoding the password, but making sure > that the container managed security mechanism is maintained. > > So far, the best suggestions that I've had are: > > 1. Modify DataSourceRealm > 2. Use secuirityfilter. > > From my point of view, as I don't use hashed passwords at the moment > the easiest thing to do is to modify the DataSourceRealm as suggested by > Mark Thomas. However, I think that the ability to extend the login > system to use either a user name or an email address would probably be > useful for other people. I'll give it some thought. > > Regards > > Alan > > > > > > > > > > > > > > > > > > Rgds > > > > Gregor > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > _________________________________________________________________ Windows Live™ Hotmail®…more than just e-mail. http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_howitworks_022009