A. Weinert schrieb: > Rainer Jung schrieb: >> I added an optional configurable default role to the JNDIRealm. >> That's useful, if you only want to authenticate the users (password >> check). >> >> http://svn.apache.org/viewvc?rev=697213&view=rev >> >> I could as well add it to most of the other Realms, but I'm wondering, >> if it would make more sense to introduce an additional getRoles to >> RealmBase, which returns the default role if configured and can be >> included in the getRoles already present in most of the Realm >> implementations. >> >> Thoughts? >> >> Regards, >> >> Rainer > > Im my opinion a most useful feature, > as itreally is in ADweRealm (see > http://a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html > ) for Active Directory. > > Active Directory (AD) lists certain default group memberships not > explicitely. So an user account, who is just "Domänen-Benutzer", > would get authentication but no roles and hence no Tomcat > rights w/o such a default role feature. > > But I'm not sure if a change to the base class (RealmBase) is much help. > To use ADweRealm again as an example, it implements a primitive way > of Realm Chaining (badly needed with AD and missed in Tomcat). Here the > default role signals which Realm the user got her authentication from. > Under this aspect a base class implementation of the default role > feature would only make sense if the Realm Chaining feature would be > implemented there as well.
I'll have a look, as it's already ASL 2 licensed. I also have recursive role searches in the queue (not committed yet) and Mark recently added a CombinedRealm to trunk. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
