Re: Authentication and authorization questions

2007-09-21 Thread Christopher Schultz
Jean, jmuller wrote: > I've written my own DataSourceRealm that overwrites Tomcat's one, and put the > jar in server/lib. > It only overwrites the getRoles() method to change the SQL statement. See > source here: http://www.nabble.com/file/p12820411/D

Re: Authentication and authorization questions

2007-09-21 Thread jmuller
: > > possible OpenSessionInViewFilter problem > which version hibernate are you implementing with? > > M-- > - Original Message - > From: "jmuller" <[EMAIL PROTECTED]> > To: > Sent: Friday, September 21, 2007 9:14 AM > Subject: Re: Authentication and auth

Re: Authentication and authorization questions

2007-09-21 Thread Martin Gainty
possible OpenSessionInViewFilter problem which version hibernate are you implementing with? M-- - Original Message - From: "jmuller" <[EMAIL PROTECTED]> To: Sent: Friday, September 21, 2007 9:14 AM Subject: Re: Authentication and authorization questions > > &

Re: Authentication and authorization questions

2007-09-21 Thread jmuller
Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > ... >> How can you use JDBCRealm or DataSourceRealm with [numeric] foreign keys >> from roles >> table to user table, rather than requiring the roles table to duplicate >> whatever field (e.g. username, email address) will act

Re: Authentication and authorization questions

2007-08-30 Thread Christopher Schultz
Lb, lightbulb432 wrote: > But if the login and login-error pages are the same page (meaning > that when someone fails an access check they get redirected to the > login-error page, which is actually the login page where they must > re-enter their cred

Re: Authentication and authorization questions

2007-08-29 Thread lightbulb432
Great response. Follow-up questions below: Christopher Schultz-2 wrote: > When you login using form-based authentication, where invalid login > attempts >> redirect to the "form-error-page", how do you add a custom message to >> that >> page saying "Login Failed"? I ask because common practice i

Re: Authentication and authorization questions

2007-08-29 Thread Christopher Schultz
Lb, lightbulb432 wrote: > Where does Tomcat authentication fit into the request processing lifecycle? > Does it happen before even the very first filter gets called? Yes. It's implemented as a Valve that runs before any of your code gets a chance to

Re: Authentication and authorization questions

2007-08-29 Thread Glenn McCall
Below... I hope it helps Glenn Mc - Original Message - From: "lightbulb432" <[EMAIL PROTECTED]> To: Sent: Wednesday, August 29, 2007 2:33 PM Subject: Authentication and authorization questions I have several questions about authentication and authorization in Tomcat below, so an