This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes JSP and the fly likes Authentification in my webapp Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Authentification in my webapp" Watch "Authentification in my webapp" New topic
Author

Authentification in my webapp

Gezza Hall
Ranch Hand

Joined: Jan 04, 2005
Posts: 33
Hi all. I've built a JSP webapp which uses a authorization/authentification mechanism based on this idea here. Basically, a SecurityRealm is declared in the server.xml file.

It works great, but I need to adapt this so that I don't use the server.xml file, ie. all configuration is done using the web.xml. Can I achieve this, or would I have to completely redesign my whole app?

Thanks!
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
I think you need to configure the server accordingly by modifying server.xml, as stated there in your refered link.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
This might help.
Gezza Hall
Ranch Hand

Joined: Jan 04, 2005
Posts: 33
Sorry, but if you read my question you will see that I am trying to move away from configuring the server.xml file.

This is what I was already using, and all require modification of that file.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
I dont think any way of doing it without configuring the server.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41599
    
  55
You can't use Tomcats realms without configuring them in server.xml. And if that's not possible, then you can't use most of the web app security as defined in web.xml either, because that's automatically tied to those realms. It's not hard to roll your own code for Basic HTTP authentication and access some repository for user information, though.


Ping & DNS - my free Android networking tools app
Gezza Hall
Ranch Hand

Joined: Jan 04, 2005
Posts: 33
Well I managed it, you can do it without using the server.xml, if you implement this API - SecurityFilter - http://securityfilter.sourceforge.net/

Great stuff.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41599
    
  55
Gezza, that's indeed a very interesting project. I'm working on a project where the standard web-app security is insufficient (namely, the mapping of resources to be protected was not powerful enough), and this looks a good way to handle that. Thanks for posting the link.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Yes its likely to use security filters, no matter its ready made or one of your own.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authentification in my webapp