Hi,
I was able to implement the form based
tomcat security on my web app. It was good. But because of some restriction from client i need to modify it.
The password is placed as in encryppted form in DB, so i can not rely on tomcat "authenticate" method which simple "select" the username/password from DB and match it. I have seen the implementation of (org.apache.catalina.realm.JDBCRealm).
Now, what i did, i wrote a CustomRealm
I put that file in server/lib and changed the server.xml with this entry
It works fine.
but now, when i am deploying it to application, i am wandering how would i communicate with Database, since my DB layer is combination of Spring, Hibernate and all daos, beans of application will not be available here in my this class, since it's in server side - application independent.
If i put this class in application WAR file and change the server.xml file to point that class, my server give exception at startup "class not found" which is quite logical.
Now, actually what i want - is to use the Tomcat Security to match user/password (password is encrypted form in DB - encryption done by my application before saving). If i use my Custom Realm, then how can i access my DB Connection classes populated by Spring/Hibernate?