Hi Steven

You are limited as to what logic the realm performs automatically; checking for expired passwords requires some manual work on your side. You might want to look at implementing a JAASRealm and your own login module:

See the bottom of this page:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JDBCRealm
And:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html

For authentication you could duplicate the table structure in the JDBCRealm example, but add columns or another table to store a timestamp for when the user last changed/created their password.

Then, in your login module, compare that field to the current time. If the login is valid but fails because of expiry, then redirect to a change password page; otherwise authenticate or deny accordingly.

Kind regards
Peter
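
The expiry check described above, as an added example that is not part of the original message or of Tomcat: a JAAS login module that compares the last-change timestamp to the current time. The class name, the 90-day `MAX_AGE` and the in-memory `USERS` map (standing in for the JDBC query) are assumptions; it needs Java 9 or later.

```java
import com.sun.security.auth.UserPrincipal;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.*;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: the class name, MAX_AGE and USERS are assumptions.
public class ExpiringPasswordLoginModule implements LoginModule {
    static final Duration MAX_AGE = Duration.ofDays(90); // assumed policy
    // Constructed rows standing in for the JDBC lookup: name -> {password,
    // last change}. A real table would hold a salted hash, not the password.
    static final Map<String, Object[]> USERS = Map.of(
        "alice", new Object[] {"s3cret", Instant.now().minus(Duration.ofDays(10))},
        "bob", new Object[] {"hunter2", Instant.now().minus(Duration.ofDays(200))});
    private Subject subject;
    private CallbackHandler handler;
    private String user;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] {nc, pc}); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        char[] pw = pc.getPassword();
        Object[] row = nc.getName() == null ? null : USERS.get(nc.getName());
        boolean ok = row != null && pw != null && MessageDigest.isEqual(
            new String(pw).getBytes(StandardCharsets.UTF_8),
            ((String) row[0]).getBytes(StandardCharsets.UTF_8));
        if (!ok) throw new FailedLoginException("invalid user name or password");
        // Only a caller who proved the password learns that it has expired.
        if (((Instant) row[1]).plus(MAX_AGE).isBefore(Instant.now()))
            throw new CredentialExpiredException("password expired: " + nc.getName());
        user = nc.getName();
        return true;
    }
    public boolean commit() {
        if (user != null) subject.getPrincipals().add(new UserPrincipal(user));
        return user != null;
    }
    public boolean abort() { user = null; return true; }
    public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof UserPrincipal); return abort(); }
}
```

With these constructed rows, `alice` authenticates, `bob` with the correct password gets `CredentialExpiredException`, and any wrong password gets `FailedLoginException`. How the expired outcome becomes a redirect to the change-password page depends on the container integration and is not shown.
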
Stephen More wrote:
In looking at the docs:
http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html
there is no Attribute for "userCredExpireCol". How do I configure the
JDBCRealm to look at an expiration column?


-Steve

On 8/22/07, Peter Stavrinides <[EMAIL PROTECTED]> wrote:
I also didn't understand exactly what you mean, but 'JDBCRealm'... implies
using a database, so the simple way is to redirect and use a web form to change
it, which is easy enough. If you don't want to use a web form then it's an
entirely different story; I assume some sort of extension or customization to
Tomcat is required.

Peter

Christopher Schultz wrote:
Stephen,

Stephen More wrote:

Has anyone written or know of a JDBCRealm that supports an expired password?

Can you phrase that in a different way? I wouldn't want my JDBCRealm to
allow expired passwords to be used.

Do you mean that you want expired-password-users to be forced to change
their password before doing anything else?

-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

