<auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>tomcat</role-name> <role-name>role1</role-name> </auth-constraint> this is one part in web.xml dd file, i just can define roles but can't define the password corresponding with roles.how can help?
Sun Certified Java Programmer<br />Sun Certified Web Component Developer
Axel Janssen
Ranch Hand
Joined: Jan 08, 2001
Posts: 2164
posted
0
Hi Niu, there is a file called tomcat-users.xml in the conf under tomcat-root. There you can insert users and map those users to roles. (There are allready example users in the file) This is for separating programmer and deployer role. The programmer can use reusable roles in his app and its the responsability of the deployer or the administrator to map those roles to actual users. In commercial app-servers you are not constrained to such a simple file-based user-administration. You can use ldap or rdbms. But the mechanism stays the same. The roles are mapped to actual users at deployment time. Axel
Axel Janssen
Ranch Hand
Joined: Jan 08, 2001
Posts: 2164
posted
0
found that ressource about tomcat and security: http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html Havent tested, but looks very good. JDBC realms are not part of the exam as far as I know. But there seems to be a good example about using tomcat-users.xml Axel
0
