You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/02 21:28:59 UTC
DO NOT REPLY [Bug 25148] New: -
JDBCRealm should get the user name from database after login and not use the string given by the user
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25148>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25148
JDBCRealm should get the user name from database after login and not use the string given by the user
Summary: JDBCRealm should get the user name from database after
login and not use the string given by the user
Product: Tomcat 4
Version: 4.1.29
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: andreas@schildba.ch
The user_name column of my users table is case insensitive, so users do not need
to remember the case of their name (Am I "User" or "user"?).
The downside: request.getRemoteUser() always reflects the spelling used to log
in, not the spelling contained in the database. In order to get the correct
spelling, I have to "SELECT user_name FROM users WHERE user_name = ?" each time
I want to process the user name.
My suggestion is to also fetch the user name with the SELECT needed to get the
password when logging in. This shouldn't be of much impact, because the SELECT
statement is needed anyway, there is just one more column to transfer. JDBCRealm
should pass the name stored in the database when queried for the name to return
with request.getRemoteUser().
Regards,
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org