Rainer Jung schrieb:
I added an optional configurable default role to the JNDIRealm.
That's useful, if you only want to authenticate the users (password check).
http://svn.apache.org/viewvc?rev=697213&view=rev
I could as well add it to most of the other Realms, but I'm wondering,
if it would make more sense to introduce an additional getRoles to
RealmBase, which returns the default role if configured and can be
included in the getRoles already present in most of the Realm
implementations.
Thoughts?
Regards,
Rainer
Im my opinion a most useful feature,
as itreally is in ADweRealm (see
http://a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html
) for Active Directory.
Active Directory (AD) lists certain default group memberships not
explicitely. So an user account, who is just "Domänen-Benutzer",
would get authentication but no roles and hence no Tomcat
rights w/o such a default role feature.
But I'm not sure if a change to the base class (RealmBase) is much help.
To use ADweRealm again as an example, it implements a primitive way
of Realm Chaining (badly needed with AD and missed in Tomcat). Here the
default role signals which Realm the user got her authentication from.
Under this aspect a base class implementation of the default role
feature would only make sense if the Realm Chaining feature would be
implemented there as well.
Best regards Albrecht
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
