You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Rainer Jung <ra...@kippdata.de> on 2008/09/19 21:58:25 UTC

Default Role in Realms

I added an optional configurable default role to the JNDIRealm.
That's useful, if you only want to authenticate the users (password check).

    http://svn.apache.org/viewvc?rev=697213&view=rev

I could as well add it to most of the other Realms, but I'm wondering, 
if it would make more sense to introduce an additional getRoles to 
RealmBase, which returns the default role if configured and can be 
included in the getRoles already present in most of the Realm 
implementations.

Thoughts?

Regards,

Rainer



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Default Role in Realms

Posted by Rainer Jung <ra...@kippdata.de>.

Rainer Jung schrieb:
>> Im my opinion a most useful feature,
>> as itreally is in ADweRealm (see
>> http://a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html
>> ) for Active Directory.

> I'll have a look, as it's already ASL 2 licensed.

Speaking to fast. That was only the original License note carried over
form the JNDIRealm. Do you have plans to contribute ADweRealm?

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Default Role in Realms

Posted by Rainer Jung <ra...@kippdata.de>.

A. Weinert schrieb:
> Rainer Jung schrieb:
>> I added an optional configurable default role to the JNDIRealm.
>> That's useful, if you only want to authenticate the users (password
>> check).
>>
>>    http://svn.apache.org/viewvc?rev=697213&view=rev
>>
>> I could as well add it to most of the other Realms, but I'm wondering,
>> if it would make more sense to introduce an additional getRoles to
>> RealmBase, which returns the default role if configured and can be
>> included in the getRoles already present in most of the Realm
>> implementations.
>>
>> Thoughts?
>>
>> Regards,
>>
>> Rainer
> 
> Im my opinion a most useful feature,
> as itreally is in ADweRealm (see
> http://a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html
> ) for Active Directory.
> 
> Active Directory (AD) lists certain default group memberships not
> explicitely. So an user account, who is just "Domänen-Benutzer",
> would get authentication but no roles and hence no Tomcat
> rights w/o such a default role feature.
> 
> But I'm not sure if a change to the base class (RealmBase) is much help.
> To use ADweRealm again as an example, it implements a primitive way
> of Realm Chaining (badly needed with AD and missed in Tomcat). Here the
> default role signals which Realm the user got her authentication from.
> Under this aspect a base class implementation of the default role
> feature would only make sense if the Realm Chaining feature would be
> implemented there as well.

I'll have a look, as it's already ASL 2 licensed. I also have recursive
role searches in the queue (not committed yet) and Mark recently added a
CombinedRealm to trunk.

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Default Role in Realms

Posted by "A. Weinert" <al...@a-weinert.de>.

Rainer Jung schrieb:
> I added an optional configurable default role to the JNDIRealm.
> That's useful, if you only want to authenticate the users (password check).
> 
>    http://svn.apache.org/viewvc?rev=697213&view=rev
> 
> I could as well add it to most of the other Realms, but I'm wondering, 
> if it would make more sense to introduce an additional getRoles to 
> RealmBase, which returns the default role if configured and can be 
> included in the getRoles already present in most of the Realm 
> implementations.
> 
> Thoughts?
> 
> Regards,
> 
> Rainer

Im my opinion a most useful feature,
as itreally is in ADweRealm (see
http://a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html
) for Active Directory.

Active Directory (AD) lists certain default group memberships not
explicitely. So an user account, who is just "Domänen-Benutzer",
would get authentication but no roles and hence no Tomcat
rights w/o such a default role feature.

But I'm not sure if a change to the base class (RealmBase) is much help.
To use ADweRealm again as an example, it implements a primitive way
of Realm Chaining (badly needed with AD and missed in Tomcat). Here the
default role signals which Realm the user got her authentication from.
Under this aspect a base class implementation of the default role
feature would only make sense if the Realm Chaining feature would be
implemented there as well.


Best regards Albrecht

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Default Role in Realms

Posted by Filip Hanik - Dev Lists <de...@hanik.com>.

Mark Thomas wrote:
> Rainer Jung wrote:
>   
>> I added an optional configurable default role to the JNDIRealm.
>> That's useful, if you only want to authenticate the users (password check).
>>
>>    http://svn.apache.org/viewvc?rev=697213&view=rev
>>
>> I could as well add it to most of the other Realms, but I'm wondering,
>> if it would make more sense to introduce an additional getRoles to
>> RealmBase, which returns the default role if configured and can be
>> included in the getRoles already present in most of the Realm
>> implementations.
>>
>> Thoughts?
>>     
>
> I think it is just as useful for other realms so I would go ahead with
> adding getRoles() to RealmBase in some form. Maybe add getDefaultRole() to
> RealmBase and then call that from the other Realms?
>   
+1
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Default Role in Realms

Posted by Mark Thomas <ma...@apache.org>.

Rainer Jung wrote:
> I added an optional configurable default role to the JNDIRealm.
> That's useful, if you only want to authenticate the users (password check).
> 
>    http://svn.apache.org/viewvc?rev=697213&view=rev
> 
> I could as well add it to most of the other Realms, but I'm wondering,
> if it would make more sense to introduce an additional getRoles to
> RealmBase, which returns the default role if configured and can be
> included in the getRoles already present in most of the Realm
> implementations.
> 
> Thoughts?

I think it is just as useful for other realms so I would go ahead with
adding getRoles() to RealmBase in some form. Maybe add getDefaultRole() to
RealmBase and then call that from the other Realms?

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org