29048 – Request changes to java permissions in DataSourceRealm

Bug 29048 - Request changes to java permissions in DataSourceRealm

Summary: Request changes to java permissions in DataSourceRealm

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat 5
Classification:	Unclassified
Component:	Catalina (show other bugs)
Version:	5.0.19
Hardware:	Other other

Importance:	P3 enhancement (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-05-18 03:25 UTC by Stephen Davies
Modified:	2004-11-16 19:05 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stephen Davies 2004-05-18 03:25:39 UTC

My problem is this. I need to modify the DataSourceRealm so that failed login 
attempts are recorded and an account gets locked after a certain number of 
login failures.

I want to subclass the DataSourceRealm but unfortunately some of the key 
methods, authenticate(x3 params), open and close are declared private. The app 
is to be deployed at a commercial ISP so changing the DatSourceRealm class 
directly isn't a possibility. I intend to copy the class and make the 
appropriate changes as a sibling but it would have been preferable to just 
override these methods.

I would request that the permissions on useful methods in the 
org.apache.catalina.realm.DataSourceRealm be modified from private to protected 
to make future changes easier. I am more than happy to do these changes myself 
and send the modified class to you.

Comment 1 Dominik Drzewiecki 2004-05-18 08:04:56 UTC

You can achieve it the other (simpler, imho) way round. Provided that you have
the table containing user data (username, password) as well as its status (say
locked), All you have to do is to create a view selecting only unlocked account
table rows and make your DataSourceRealm use this view instead of the table. 

I see no point in bloating DSR with user-specific/app-specific functionality.

Comment 2 Stephen Davies 2004-05-18 10:57:39 UTC

As you say, providing a view will provide some of the required function without
code modification. The problem is that if the users fails authentication the
counter must be increased, if the users passes authentication the counter is
zeroed. That may be possible in a view but I can't see how to do it.

This is not a request for user-specific code to be placed in DSR. It is simply
an enhancement request to change method visibility from private to protected.
This will not 'bloat' the code space.

Classes are often used in ways the original designer did not cater for. In
attempting to reuse the functionality of DSR through subclassing, problems were
encountered. Because methods such as open, close & credentials were private they
had to be re-implemented in the subclass even though they were direct copies of
the superclass implementations. The authenticate(x2 params) method had to be
copied because it relied on the private authenticate(x3 params).

Changing the visibility will mean that app-specific subclasses can simply
override authenticate(x3). Surely this level of reuse is desirable?

Comment 3 Yoav Shapira 2004-05-26 19:52:19 UTC

I like this request, and we do want to encourage such extension, especially for 
such a good use-case.  Please send a diff patch against the class with your 
desired changes.

Comment 4 Yoav Shapira 2004-06-04 13:52:34 UTC

Made authenticate, open, and close methods protected instead of private.