If your requirements are simple you may not need to do much of anything. Tomcat has other authentication options besides the XML file, e.g. accessing a DB, LDAP or JAAS. Check out the Tomcat realm documentation for further details.
Thank You very much ranchers.Will look into that and post.
Joined: Aug 13, 2004
IS using realam a best practise?
I have seen in one application, where they have just normal struts action to submit the login form,
THe authentication part is done in filter for that action , with DB. Which one is the best practise?
For SSO, What is the best practise to follow for sso. I mean which api or tool to use it?
Joined: Mar 22, 2005
There is no best practice, really. It depends a whole lot on the requirements of your application. Some applications need more functionality than realms provide; in that case you need to roll your own.
Struts in particular needs to make do with what the Servlet API provides. That rules out using realms (which are a Tomcat-only thing).
Joined: Sep 17, 2006
Best practice is to make an Interlock. A grid, no matter how minor such that the system will continue to function in a reliable manner with 20% of the system broken, often this lattice brings Trust, Logging, Training, Observation and Rollback. Risk/Reward must be given some place in the analysis matrix, logon authentication is complexified by the fact that people will stickum the password on the front of the monitor.
One would not do that with keys to a storage shed.